Remote Code Execution in Chrome's V8 Prior to 125.0.6422.60

CVE-2024-4947

8.8HIGH

Key Information

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 15 May 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists📰 News Worthy

Summary

The vulnerability CVE-2024-4947 is a type confusion weakness in the Chrome V8 JavaScript engine, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google has rolled an emergency patch for the high-severity flaw, as it has been exploited in the wild. The bug also affects Chromium-based browsers such as Microsoft Edge, and Microsoft is working on a fix. This is the third zero-day vulnerability that Google has patched in the last week. It is crucial for users to update their Chrome browser to version 125.0.6422.60 in order to address this vulnerability and prevent potential attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-4947 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 125.0.6422.60

News Articles

Help Net Security

CVE-2024-38094CVE-2024-4947

Exploited: Cisco, SharePoint, Chrome vulnerabilities - Help Net Security

Fix these vulnerabilities in Cisco security appliances (CVE-2024-20481), Sharepoint (CVE-2024-38094), and Chrome (CVE-2024-4947).

1 month ago

BleepingComputer

CVE-2024-4947

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space.

1 month ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🔥
Vulnerability reached the number 1 worldwide trending spot.
May 22, 2024
Vulnerability started trending.
May 16, 2024
First article discovered by BleepingComputer
May 15, 2024
👾
Exploit exists.
May 15, 2024
Vulnerability Reserved.
May 15, 2024
Vulnerability published.
May 15, 2024

Collectors

NVD DatabaseMitre DatabaseCISA Database19 News Article(s)