CVE-2024-0519
CVE-2024-0519
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8EPSS 3.8%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Jan 2024Published on NVD
17 Jan 2024Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A memory safety flaw in Chrome's V8 engine allows attackers to access memory outside safe boundaries through a malicious webpage, potentially corrupting the browser's memory and executing harmful code.
Technical detail
Out-of-bounds read/write in V8 JavaScript engine (CWE-125, CWE-787) exploitable via crafted HTML delivered to remote users; heap corruption may enable arbitrary code execution with victim's browser privileges. Requires user interaction (visiting malicious page).
Summary generated and translated by AI from the official description.
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.htmlhttps://crbug.com/1517354https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0519https://www.couchbase.com/alerts/