Remote Out of Bounds Memory Write Vulnerability in Chrome Prior to 126.0.6478.54
CVE-2024-5830

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
11 June 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The CVE-2024-5830 vulnerability is a critical security flaw in Chrome's V8 JavaScript engine, allowing an attacker to execute arbitrary code within the Chrome renderer sandbox by getting a victim to visit a malicious website. The flaw is a type confusion bug within the V8 engine’s handling of object maps and transitions, leading to out-of-bounds memory write. Exploiting this vulnerability provides the attacker with the capability to manipulate objects and data structures within the JavaScript engine. Although this vulnerability has been patched by Google, the severity of the flaw and the techniques used to escape Chrome’s heap isolation mechanisms highlight the ongoing security challenges in web browsers. There are no known actual exploits of this vulnerability by ransomware groups at this time.

Affected Version(s)

Chrome 126.0.6478.54

News Articles

favicon imageCybersecurityNews

One Click on a Malicious Site Could Exploit Chrome V8 Engine RCE Vulnerability

A critical security vulnerability identified as CVE-2024-5830 has been discovered in Chrome's V8 JavaScript engine.

5 months ago

References

https://chromereleases.googleblog.com/2024/06/stable-chan...
https://issues.chromium.org/issues/342456991
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseGoogle Feed1 News Article(s)
.