Remote Code Execution in Chrome's V8 Prior to 125.0.6422.60
CVE-2024-4947
Key Information
- Vendor: Google
- Product: Chrome
- CVE Published: 15 May 2024
What is CVE-2024-4947?
CVE-2024-4947 is a high-severity vulnerability (Chromium security severity: High) in Google Chrome's V8 JavaScript engine, affecting versions prior to 125.0.6422.60. V8 is the engine that compiles and executes JavaScript and WebAssembly inside the browser, so it sits underneath every web application a user opens. The flaw is a type confusion bug that lets a remote attacker execute arbitrary code inside the renderer sandbox by getting the victim to load a specially crafted HTML page. Because the trigger is nothing more than visiting a page, the vulnerability poses a significant risk to organizations: a compromised or malicious site can gain code execution in the browser of anyone who browses to it, exposing session data and, when chained with a sandbox escape, the underlying system.
Technical Details
CVE-2024-4947 is the result of type confusion within the V8 engine, a core component of Google Chrome. Type confusion occurs when the engine operates on an object as if it were one type while the memory actually holds an object of a different type or layout. In a JIT-compiled engine such as V8, the optimized machine code trusts assumptions about object shapes that were true when the code was generated; if an attacker can violate such an assumption without the engine noticing, field accesses land on the wrong memory, which typically yields out-of-bounds reads and writes and from there control of the execution flow. An attacker exploits this by crafting a web page whose JavaScript drives V8 into the confused state and then turns the resulting memory corruption into arbitrary code execution in the renderer process. That code runs inside Chrome's sandbox; reaching the operating system requires a separate sandbox-escape vulnerability, which is why in-the-wild exploit chains pair a V8 bug like this one with a second bug.
Impact of the Vulnerability
- Remote Code Execution: The primary risk associated with CVE-2024-4947 is that a remote attacker can execute arbitrary code in the victim's browser. On its own this gives control of the renderer process; combined with a sandbox escape it can lead to full system compromise, allowing attackers to carry out a range of malicious activities from data theft to deploying additional malware.
- Data Breaches: Since the vulnerability gives attackers control over the user's browsing session, there is a high risk of sensitive information being exposed. This includes personal data, credentials, session tokens, and corporate secrets that could be used for further attacks.
- Widespread Exploitation Potential: Because the affected software is one of the most widely used web browsers, the impact can reach a vast number of users. A crafted web page is all that is needed to trigger the bug, which increases the likelihood of active exploitation in the wild and makes it a significant threat to both individuals and organizations relying on Chrome for internet access.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-4947 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change; note that the news articles cited below describe exploitation by the North Korean Lazarus group rather than a ransomware campaign.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome < 125.0.6422.60
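The following is an added example, not part of the original page and not Google's or CISA's tooling, showing how to check whether an installed Chrome build is older than the fixed version. It compares four-component Chrome version numbers numerically (a plain string comparison would wrongly rank 125.0.6422.7 above 125.0.6422.60) and, on Linux or macOS, optionally reads the live version from a `google-chrome`/`chromium` binary. The binary names and the sample version strings are assumptions chosen for illustration.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# First fixed build for CVE-2024-4947 (Chrome 125 stable, 15 May 2024).
FIXED_VERSION = "125.0.6422.60"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted 4-part version from text such as
    'Google Chrome 124.0.6367.207'. Returns a tuple of ints or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the version in version_text is strictly older than the fixed build.
    Tuple comparison is per-component numeric, so 125.0.6422.7 < 125.0.6422.60."""
    found = parse_version(version_text)
    if found is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return found < parse_version(fixed)


def installed_chrome_version() -> Optional[str]:
    """Best-effort local check (Linux/macOS): ask a Chrome/Chromium binary for
    its version string. Binary names are assumptions; returns None if none run."""
    for binary in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        try:
            out = subprocess.run([binary, "--version"], capture_output=True,
                                 text=True, timeout=10)
        except (FileNotFoundError, subprocess.TimeoutExpired, PermissionError):
            continue
        if out.returncode == 0 and out.stdout.strip():
            return out.stdout.strip()
    return None


# Constructed sample outputs (not real inventory data) covering the edge cases.
SAMPLES = [
    "Google Chrome 124.0.6367.207",  # older major: vulnerable
    "Google Chrome 125.0.6422.7",    # same branch, lower build: vulnerable
    "Google Chrome 125.0.6422.60",   # the fixed build itself: not vulnerable
    "Google Chrome 125.0.6422.76",   # later patch release: not vulnerable
    "Chromium 126.0.6478.55",        # newer major: not vulnerable
]


def audit(samples=SAMPLES) -> Dict[str, bool]:
    """Map each version string to whether it is affected by CVE-2024-4947."""
    return {s: is_vulnerable(s) for s in samples}


if __name__ == "__main__":
    for sample, vuln in audit().items():
        print(f"{sample:32} {'VULNERABLE' if vuln else 'ok'}")
    live = installed_chrome_version()
    if live:
        print(f"installed: {live} -> {'VULNERABLE' if is_vulnerable(live) else 'ok'}")
```

On Windows the same `is_vulnerable` check can be fed the version shown at chrome://version or the product version of chrome.exe; the comparison logic does not change. Note that a patched build only protects once the browser has been restarted, so a relaunch check belongs alongside the version check in any fleet audit.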
News Articles
Exploited: Cisco, SharePoint, Chrome vulnerabilities - Help Net Security
Fix these vulnerabilities in Cisco security appliances (CVE-2024-20481), Sharepoint (CVE-2024-38094), and Chrome (CVE-2024-4947).
2 months ago
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space.
2 months ago
Timeline
- 😈 Used in Ransomware
- 🔥 Vulnerability reached the number 1 worldwide trending spot
- CISA Reported
- Vulnerability started trending
- Vulnerability Reserved
- 👾 Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published