Out of Bounds Write in V8 Prior to 124.0.6367.207 Allows Remote Attacker to Perform Out of Bounds Memory Write

CVE-2024-4761
8.8HIGH

Key Information

Vendor
Google
Status
Chrome
Vendor
CVE Published:
14 May 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The first article discusses a zero-day vulnerability, CVE-2024-4761, in Google Chrome that allows remote attackers to execute arbitrary code by tricking victims into opening a specially crafted web page. Google has released an emergency security update to address the flaw, which is the sixth Chrome zero-day flaw fixed by Google since the beginning of 2024. This vulnerability has been exploited in the wild, and users are urged to update their browsers immediately to mitigate the risk of unauthorized access and data theft. The second article also covers the same zero-day vulnerability, CVE-2024-4761, in Google Chrome, with a focus on understanding the exploit, Google's response, the impact on users, and steps to protect against it. It reiterates the need for users to update their Chrome browser to the latest version to receive the security patch and highlights the potential risks associated with the exploitation of this vulnerability, including unauthorized access to sensitive information and the installation of unwanted software.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-4761 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 124.0.6367.207

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-4761
Created by michredteam

News Articles

favicon imageHackhunting

Google Chrome Releases 125.0.6422.76/77 Fixing Multiple Vulnerabilities

Google Chrome has released version 125.0.6422.76/.77, fixing multiple vulnerabilities including Use After Free, Type Confusion, and Heap Buffer Overflow. Severity is pending, but CVEs have been assigned. Bug fixes for six vulnerabilities, with rewards for four, including a critical zero-day vulnerab...

6 months ago

favicon imageBleepingComputer

CISA warns of hackers exploiting Chrome, EoL D-Link bugs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.

6 months ago

favicon imageSecurity Affairs

Google fixes sixth actively exploited Chrome zero-day this year

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.

6 months ago

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Vulnerability started trending.

  • Vulnerability published.

  • First article discovered by Vivaldi Browser

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseGoogle Feed1 Proof of Concept(s)13 News Article(s)
.