CVE-2024-4761
CVE-2024-4761
Vexday Risk Score
76High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.3EPSS 11.0%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
14 May 2024Published on NVD
14 May 2024Public PoC
16 May 2024Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Google Chrome's V8 engine allows attackers to write data outside intended memory boundaries through a malicious webpage, potentially enabling code execution or system compromise.
Technical detail
Out-of-bounds write vulnerability in V8 (CWE-787) exploitable via crafted HTML; requires user to visit a malicious page; can lead to arbitrary code execution with renderer process privileges. Affects Chrome versions prior to 124.0.6367.207.
Summary generated and translated by AI from the official description.
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
githubgithub.com/michredteam/CVE-2024-4761★ 4⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.htmlhttps://issues.chromium.org/issues/339458194https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4761