⚠ Actively exploited
Added to CISA KEV on 2024-05-16. Federal agencies required to patch by 2024-06-06. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-4761Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds Write13 documents11 sources
Severity
8.8HIGHNVD
EPSS
2.5%
top 14.71%
CISA KEV
KEV
Added 2024-05-16
Due 2024-06-06
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedMay 14
KEV addedMay 16
Latest updateMay 23
KEV dueJun 6
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome124.0.6367.207124.0.6367.207
NVDgoogle/chrome< 124.0.6367.207
Debianchromium/chromium< 124.0.6367.207-1~deb12u1+2

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

4
OSV
CVE-2024-4761: Out of bounds write in V8 in Google Chrome prior to 1242024-05-14
CVEList
CVE-2024-4761: Out of bounds write in V8 in Google Chrome prior to 1242024-05-14
GHSA
GHSA-8q82-45v9-cmr9: Out of bounds write in V8 in Google Chrome prior to 1242024-05-14
VulnCheck
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability2024

📋Vendor Advisories

5
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-47612024-05-23
CISA
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability2024-05-16
Microsoft
Chromium: CVE-2024-4761 Out of bounds write in V82024-05-14
Red Hat
chromium-browser: Out of bounds write in V82024-05-13
Debian
CVE-2024-4761: chromium - Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a rem...2024

🕵️Threat Intelligence

2
Bleepingcomputer
Google fixes third actively exploited Chrome zero-day in a week2024-05-15
Bleepingcomputer
Google Chrome emergency update fixes 6th zero-day exploited in 20242024-05-14
CVE-2024-4761 — Out-of-bounds Write in Google Chrome | cvebase