⚠ Actively exploited

Added to CISA KEV on 2024-01-17. Federal agencies required to patch by 2024-02-07. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-0519

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read11 documents10 sources

Severity

8.8HIGH

EPSS

0.1%

top 65.55%

CISA KEV

KEV

Added 2024-01-17

Due 2024-02-07

Exploit

Exploited in wild

Active exploitation observed

Affected products

Google Chrome Couchbase Couchbase Server Fedoraproject Fedora

Timeline

PublishedJan 16

KEV addedJan 17

Latest updateJan 18

KEV dueFeb 7

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome120.0.6099.224 — 120.0.6099.224

▶NVDgoogle/chrome< 120.0.6099.224

▶Debianchromium< 120.0.6099.224-1~deb11u1+3

▶NVDcouchbase/couchbase_server< 7.2.5

Also affects: Fedora 38, 39

🔴Vulnerability Details

GHSA

GHSA-vg6w-jr5m-86c8: Out of bounds memory access in V8 in Google Chrome prior to 120↗2024-01-17

▶

OSV

CVE-2024-0519: Out of bounds memory access in V8 in Google Chrome prior to 120↗2024-01-16

▶

CVEList

CVE-2024-0519: Out of bounds memory access in V8 in Google Chrome prior to 120↗2024-01-16

▶

VulnCheck

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability↗2024

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2024-0519↗2024-01-18

▶

CISA

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability↗2024-01-17

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-0517↗2024-01-16

▶

Microsoft

Chromium: CVE-2024-0519 Out of bounds memory access in V8↗2024-01-09

▶

Debian

CVE-2024-0519: chromium - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allow...↗2024

▶

🕵️Threat Intelligence

Bleepingcomputer

Google fixes first actively exploited Chrome zero-day of 2024↗2024-01-16

▶