Remote Out of Bounds Memory Write Vulnerability in Chrome Prior to 126.0.6478.54

CVE-2024-5830

8.8HIGH

Key Information

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 11 June 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The CVE-2024-5830 vulnerability is a critical security flaw in Chrome's V8 JavaScript engine, allowing an attacker to execute arbitrary code within the Chrome renderer sandbox by getting a victim to visit a malicious website. The flaw is a type confusion bug within the V8 engine’s handling of object maps and transitions, leading to out-of-bounds memory write. Exploiting this vulnerability provides the attacker with the capability to manipulate objects and data structures within the JavaScript engine. Although this vulnerability has been patched by Google, the severity of the flaw and the techniques used to escape Chrome’s heap isolation mechanisms highlight the ongoing security challenges in web browsers. There are no known actual exploits of this vulnerability by ransomware groups at this time.

Affected Version(s)

Chrome < 126.0.6478.54

News Articles

CybersecurityNews

CVE-2024-5830

One Click on a Malicious Site Could Exploit Chrome V8 Engine RCE Vulnerability

A critical security vulnerability identified as CVE-2024-5830 has been discovered in Chrome's V8 JavaScript engine.

3 months ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 24, 2024
First article discovered by CybersecurityNews
Aug 14, 2024
Vulnerability Reserved.
Jun 11, 2024
Vulnerability published.
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseGoogle Feed1 News Article(s)