CVE-2024-4947
published 2024-05-15

CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60

Priority: P1 · 89
Severity: critical · 9.6 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, remediation due 2024-06-10
Exploited in the wild
EPSS: 15.11% (96.3rd percentile)
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Affected (11 ranges)

Vendor         | Product         | Version range                                         | Fixed in
chromium       | chromium        | >= 0 < 125.0.6422.60-1~deb12u1                        | 125.0.6422.60-1~deb12u1
chromium       | chromium        | >= 0 < 125.0.6422.60-1                                | 125.0.6422.60-1
chromium       | chromium        | >= 0 < 125.0.6422.60-1                                | 125.0.6422.60-1
debian         | chromium        | < chromium 125.0.6422.60-1~deb12u1 (bookworm)         | chromium 125.0.6422.60-1~deb12u1 (bookworm)
fedoraproject  | fedora          |                                                       |
fedoraproject  | fedora          |                                                       |
fedoraproject  | fedora          |                                                       |
google         | chrome          | < 125.0.6422.60                                       | 125.0.6422.60
google         | chrome          | >= 125.0.6422.60 < 125.0.6422.60                      | 125.0.6422.60
google         | chrome_chrome   |                                                       |
msrc           | microsoft_edge  |                                                       |

Detection & IOCs (extracted from sources)

domain:   detankzone[.]com
filename: index.tsx
command:  moduleImport.exportedVar = 3.79837e-312;
  • The type confusion is achieved by overwriting a PropertyArray Map pointer with a HeapNumber encoding of 3.79837e-312, causing V8 to treat the PropertyArray as a PropertyDictionary (type 0xB2) — this specific float value in JS exploit code is a strong indicator of CVE-2024-4947 exploitation.
  • The exploit uses two chained vulnerabilities: CVE-2024-4947 for read/write primitives in Chrome process memory, followed by a V8 sandbox bypass — detections should look for both stages.
  • Google blocked detankzone[.]com and linked campaign sites; network-layer blocks and DNS sinkholes for this domain are an effective preventive control.
  • CVE-2024-4947 is patched in Chrome 125.0.6422.60; any Chrome version below this on an endpoint should be treated as unpatched and high-priority for remediation.
  • The exploit targets the Maglev JIT compiler introduced in Chrome 117 (Q4 2023); Chrome versions predating Maglev (< 117) would not be vulnerable to this specific code path, but are end-of-life and carry other critical vulnerabilities.
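The detection bullets above reduce to two checks a defender can automate: flag any Chrome/Chromium build below the fixed version 125.0.6422.60 (including distro-packaged strings such as 125.0.6422.60-1~deb12u1), and flag the two content indicators the record lists (the detankzone[.]com domain and the 3.79837e-312 literal). The following is an added example written for this page, not code from the record's sources or from Google; the log lines it scans are constructed samples, and the log formats, the IP 203.0.113.10 and the function names are assumptions for illustration.

```python
import re
from typing import List, Optional, Tuple

# Values taken from the record above.
FIXED_VERSION = (125, 0, 6422, 60)
INDICATOR_FLOAT = "3.79837e-312"
INDICATOR_DOMAIN = "detankzone.com"   # the record lists it defanged as detankzone[.]com

_VERSION_RE = re.compile(r"^\d+(?:\.\d+)*$")
_UA_RE = re.compile(r"Chrome/(\d+(?:\.\d+)*)")


def parse_chrome_version(raw: str) -> Optional[Tuple[int, ...]]:
    """Turn '125.0.6422.60' or a Debian-style '125.0.6422.60-1~deb12u1' into a
    comparable tuple of ints; return None when the string is not a version."""
    upstream = raw.strip().split("-", 1)[0]   # drop the packaging revision, if any
    if not _VERSION_RE.match(upstream):
        return None
    parts = tuple(int(p) for p in upstream.split("."))
    # Pad short strings like '125.0' so they compare against the four-part fix.
    return parts + (0,) * (len(FIXED_VERSION) - len(parts))


def is_unpatched(raw: str) -> Optional[bool]:
    """True if the version is below the fix, False if at or above it,
    None if the string could not be parsed as a version."""
    version = parse_chrome_version(raw)
    if version is None:
        return None
    return version < FIXED_VERSION


def _normalise(line: str) -> str:
    # Un-defang so 'detankzone[.]com' and 'detankzone.com' both match,
    # and lower-case so '3.79837E-312' is caught as well.
    return line.replace("[.]", ".").lower()


def scan_indicators(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, detail) for every hit in the given log lines.
    Kinds: 'domain', 'float', 'unpatched-ua'."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        norm = _normalise(line)
        if INDICATOR_DOMAIN in norm:
            hits.append((n, "domain", INDICATOR_DOMAIN))
        if INDICATOR_FLOAT in norm:
            hits.append((n, "float", INDICATOR_FLOAT))
        match = _UA_RE.search(line)   # Chrome version advertised in a User-Agent
        if match and is_unpatched(match.group(1)):
            hits.append((n, "unpatched-ua", match.group(1)))
    return hits


# Constructed sample lines (hypothetical proxy, DNS and file-scan output, not real telemetry).
SAMPLE_LINES = [
    '10.0.0.5 - - "GET /index.tsx HTTP/1.1" 200 "Mozilla/5.0 ... Chrome/124.0.6367.118 Safari/537.36"',
    "dns query from 10.0.0.5: detankzone[.]com -> A 203.0.113.10",
    "js-scan index.tsx: moduleImport.exportedVar = 3.79837e-312;",
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "Mozilla/5.0 ... Chrome/125.0.6422.60 Safari/537.36"',
]

if __name__ == "__main__":
    for hit in scan_indicators(SAMPLE_LINES):
        print(hit)
```

The version check deliberately compares only the upstream part of a packaged version string: a Debian `125.0.6422.60-1~deb12u1` build is at the fixed upstream version and is reported as patched, while any four-part version that sorts below `125.0.6422.60` is reported as unpatched. The fourth sample line (Chrome at exactly the fixed version) therefore produces no hit.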

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v3.1    | 9.6   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
osv            |         | 9.6   | CRITICAL |
vulncheck      |         | 9.6   | CRITICAL |
cisa           |         | 9.6   | CRITICAL |
vendor_debian  |         | 9.6   | CRITICAL |
vendor_msrc    |         | 9.6   | CRITICAL |
vendor_redhat  |         | 9.6   | CRITICAL |