CVE-2024-4947
Published: 2024-05-15
Priority: P1 89 · critical · 9.6 (CVSS 3.1)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (remediation due 2024-06-10)
Exploited in the wild
EPSS: 15.11% (96.3rd percentile)
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected (ranges as reported by the sources; duplicate rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | < 125.0.6422.60-1~deb12u1 | 125.0.6422.60-1~deb12u1 |
| chromium | chromium | < 125.0.6422.60-1 | 125.0.6422.60-1 |
| debian | chromium | < 125.0.6422.60-1~deb12u1 (bookworm) | 125.0.6422.60-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| chrome | chrome | < 125.0.6422.60 | 125.0.6422.60 |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- The type confusion is achieved by overwriting a PropertyArray Map pointer with a HeapNumber encoding of 3.79837e-312, causing V8 to treat the PropertyArray as a PropertyDictionary (type 0xB2). This specific float value in JS exploit code is a strong indicator of CVE-2024-4947 exploitation.
- The exploit chains two vulnerabilities: CVE-2024-4947 for read/write primitives in Chrome process memory, followed by a V8 sandbox bypass. Detections should look for both stages.
- Google blocked detankzone[.]com and linked campaign sites; network-layer blocks and DNS sinkholes for this domain are an effective preventive control.
- CVE-2024-4947 is patched in Chrome 125.0.6422.60; any Chrome version below this on an endpoint should be treated as unpatched and high-priority for remediation. Microsoft Edge ships its own fix in Edge 124.0.2478.109 (built on Chromium 124.0.6367.221), so Edge builds must be compared against that number rather than the Chrome threshold.
- The exploit targets the Maglev JIT compiler, enabled by default in Chrome 117 (September 2023). Chrome versions predating Maglev (< 117) would not be vulnerable to this specific code path, but are end-of-life and carry other critical vulnerabilities.
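Two of the indicators above can be automated directly. The following is an added example (not code from this page's sources, Google, Microsoft or Kaspersky): a per-product patch gate that compares four-part build numbers numerically and keeps separate thresholds for Chrome (125.0.6422.60) and Edge (124.0.2478.109, per the MSRC entry on this page), and a scanner that reports any JavaScript numeric literal rounding to the 3.79837e-312 value quoted by Securelist. The inventory lines, hostnames and JavaScript snippet are constructed for the demo.

```python
import re

# Added example, not code from this page's sources.  Fixed builds as stated
# on this page: Chrome 125.0.6422.60, and Edge's own 124.0.2478.109 (built on
# Chromium 124.0.6367.221).  Edge must be compared against its own build
# number; testing an Edge build against the Chrome threshold misclassifies it.
FIXED_VERSION = {
    "chrome": (125, 0, 6422, 60),
    "edge": (124, 0, 2478, 109),
}


def parse_version(text):
    """'125.0.6422.60' -> (125, 0, 6422, 60).

    Tuples of ints compare numerically, which avoids the string-compare bug
    where '99.0.4844.84' sorts *after* '125.0.6422.60'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(product, version):
    """True if this build of Chrome or Edge carries the CVE-2024-4947 fix."""
    return parse_version(version) >= FIXED_VERSION[product.strip().lower()]


def triage(inventory):
    """Return hosts still exposed, from constructed 'host,product,version' lines."""
    exposed = []
    for line in inventory.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        if not is_patched(product, version):
            exposed.append(host)
    return exposed


# The Securelist write-up quotes the confusing HeapNumber as 3.79837e-312,
# i.e. rounded to six significant digits.  We therefore compare every numeric
# literal at that precision instead of bit-for-bit, so 0.379837e-311 or
# 3.7983700e-312 are reported too, while 3.79836e-312 is not.
INDICATOR = "3.79837e-312"
_NUMERIC = re.compile(r"(?<![\w.])\d*\.?\d+(?:[eE][-+]?\d+)?")


def find_indicator(js_source):
    """Return (line_number, literal) for each numeric literal in JavaScript
    text that rounds to the indicator value."""
    hits = []
    for lineno, line in enumerate(js_source.splitlines(), 1):
        for match in _NUMERIC.finditer(line):
            try:
                value = float(match.group())
            except ValueError:
                continue
            if f"{value:.5e}" == INDICATOR:
                hits.append((lineno, match.group()))
    return hits


# Constructed sample data for the demo (hostnames and script are made up).
SAMPLE_INVENTORY = """\
ws-01, chrome, 125.0.6422.60
ws-02, chrome, 99.0.4844.84
ws-03, edge,   124.0.2478.109
ws-04, edge,   124.0.2478.105
"""

SAMPLE_JS = """\
// constructed sample, not the real exploit
let fake_map = new Float64Array([3.79837e-312]);
let other    = new Float64Array([3.79836e-312, 0.379837e-311]);
"""

if __name__ == "__main__":
    print("exposed hosts:", triage(SAMPLE_INVENTORY))   # ['ws-02', 'ws-04']
    print("indicator hits:", find_indicator(SAMPLE_JS))  # lines 2 and 3
```

The six-significant-digit comparison is deliberate: the page only gives the rounded rendering of the value, so a bit-exact match would be guessing at digits the sources do not provide, while matching at the quoted precision still rejects neighbouring values such as 3.79836e-312.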
CVSS provenance
- nvd (v3.1): 9.6 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- osv: 9.6 CRITICAL
- vulncheck: 9.6 CRITICAL
- cisa: 9.6 CRITICAL
- vendor_debian: 9.6 CRITICAL
- vendor_msrc: 9.6 CRITICAL
- vendor_redhat: 9.6 CRITICAL
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-4947
vendor_chrome · 2024-05-23 · CVSS 9.6 [CRITICAL]
CISA
Google Chromium V8 Type Confusion Vulnerability
cisa · 2024-05-20 · CVSS 9.6 [CRITICAL] · CWE-843
Vulnerability: Google Chromium V8 Type Confusion Vulnerability
Affected: Google Chromium V8
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html; https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Remediation Due Date: 2024-06-10
Red Hat
chromium-browser: Type Confusion in V8
vendor_redhat · 2024-05-15 · CVSS 9.6 [CRITICAL] · CWE-416
A type confusion vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Statement: Chromium is not shipped in any Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.
Package: chromium-browser (Red Hat Enterprise Linux 6) - Out of support scope
Chrome
Stable Channel Update for Desktop (the 2024-05-15 release that shipped the fix for CVE-2024-4947)
vendor_chrome · 2024-05-15
CVE-2024-4950 [LOW]: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06.
Google is aware that an exploit for CVE-2024-4947 exists in the wild.
Severity: low (CVE-2024-4950)
Microsoft
Chromium: CVE-2024-4947 Type Confusion in V8
vendor_msrc · 2024-05-14 · CVSS 9.6 [CRITICAL]
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware that an exploit for CVE-2024-4947 exists in the wild.
FAQ:
| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 124.0.2478.109 | 5/16/2024 | 124.0.6367.221 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
Debian
CVE-2024-4947: chromium - Type Confusion in V8
vendor_debian · 2024 · CVSS 9.6 [CRITICAL]
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.60-1~deb12u1)
bullseye: open
forky: resolved (fixed in 125.0.6422.60-1)
sid: resolved (fixed in 125.0.6422.60-1)
trixie: resolved (fixed in 125.0.6422.60-1)
OSV
CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125
osv · 2024-05-15 · CVSS 9.6 [CRITICAL]
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
GHSA
GHSA-p8v3-5hqq-7c5r: Type Confusion in V8 in Google Chrome prior to 125
ghsa_unreviewed · 2024-05-15 · [HIGH] · CWE-843
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
VulnCheck
Google Chromium V8 Type Confusion Vulnerability
vulncheck · 2024 · CVSS 9.6 [CRITICAL] · CWE-843
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Affected: Google Chromium V8
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References:
- https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://www.uptycs.com/blog/uptycs-quarterly-cyber-threat-bulletin-q2-2024
- https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf
- https://securelist.
No detection rules found.
No public exploits indexed.
Checkpoint
28th October – Threat Intelligence Report
blogs_checkpoint · 2024-10-28 · CVE-2024-20481
## 28th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th October, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Grupo Aeroportuario del Centro Norte (OMA), operator of 13 airports across Mexico, was hacked by the RansomHub ransomware gang, who threatened to leak 3TB of stolen data unless a ransom is paid. The attack disrupted terminal information screens and forced OMA to activate backup systems, with no reported material adverse e
Securelist
The Crypto Game of Lazarus APT: Investors vs. Zero-days
blogs_securelist · 2024-10-23 · CVSS 9.6 [CRITICAL]
Table of Contents
- Introduction
- The exploit
  - First vulnerability (CVE-2024-4947)
  - Second vulnerability (V8 sandbox bypass)
- Shellcode
- Social activity
- The game
- The original game
- Conclusions
- Indicators of Compromise
Authors
- Boris Larin
- Vasily Berdnikov
## Introduction
Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in 50+ unique campaigns targeting governments, diplomatic entities, financial institutions, military and defense contractors, cryptocurre
Securelist
Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
blogs_securelist · 2024-10-23
Table of Contents
- Introduction
- The exploit
- Shellcode
- Social activity
- The game
- Conclusions
- Indicators of Compromise
Authors
- Boris Larin
- Vasily Berdnikov
## Introduction
Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in 50+ unique campaigns targeting governments, diplomatic entities, financial institutions, military and defense contractors, cryptocurrency platforms, IT and telecommunication operators, gaming companies, media outlets, ca
Microsoft
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
blogs_microsoft · 2024-08-30 · CVSS 9.6 [CRITICAL] · CVE-2024-7971
Research · August 30, 2024
## Indicators of compromise
During the attacks, Microsoft observed the following IOCs:
voyagorclub[.]space
weinsteinfrog[.]com
## References
- https://nvd.nist.gov/vuln/detail/CVE-2024-7971
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-4947
- https://nvd.nist.gov/vuln/detail/CVE-2024-5274
- https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
- https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf
- https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf
- https://decoded.avas
Bleepingcomputer
Google tags a tenth Chrome zero-day as exploited this year
blogs_bleepingcomputer · 2024-08-26 · CVSS 8.8 [HIGH] · CVE-2024-7971
Sergiu Gatlan
This was announced in an update to a blog post where the company revealed last week that it had fixed another high-severity zero-day vulnerability (CVE-2024-7971) caused by a V8 type confusion weakness.
"Updated on 26 August 2024 to reflect the in the wild exploitation of CVE-2024-7965 which was reported after this release," the company said in today's update. "Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild."
Google has fixed both zero-days in Chrome version 128.0.6613.84/.85 for Windows/macOS systems and version 128.0.6613.84 Linux users, which have been rolling out to all users in the Stable Desktop channel since Wednesday.
Even though Chrome will automatically update
Bleepingcomputer
Google fixes ninth Chrome zero-day tagged as exploited this year
blogs_bleepingcomputer · 2024-08-21 · CVSS 8.8 [HIGH] · CVE-2024-7971
Sergiu Gatlan
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks.
"Google is aware that an exploit for CVE-2024-7971 exists in the wild," the company said in an advisory published on Wednesday.
This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome's V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) reported it on Monday.
Although such security flaws can commonly enable attackers to trigger browser crashes after data allocated into memory is interpreted as a different type, they can also exploit them for arbitra
Bleepingcomputer
Google fixes eighth actively exploited Chrome zero-day this year
blogs_bleepingcomputer · 2024-05-24 · CVSS 8.8 [HIGH]
Bill Toulas
A "type confusion" vulnerability occurs when a program allocates a piece of memory to hold a certain type of data but mistakenly interprets the data as a different type. This can lead to crashes, data corruption, as well as arbitrary code execution.
Google has not shared technical details about the flaw to protect users from potential exploitation attempts from other threat actors and allow them to install a browser version that addresses the problem.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said the t
Bleepingcomputer
CISA warns of hackers exploiting Chrome, EoL D-Link bugs
blogs_bleepingcomputer · 2024-05-19 · CVSS 8.8 [HIGH]
Bill Toulas
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.
Adding the issues to the KEV catalog serves as a warning to federal agencies and companies that threat actors are leveraging them in attacks and security updates or mitigations should be applied.
Federal agencies in the U.S. have until June 6th to replace affected devices or implement defenses that reduce or eliminate the risk of an attack.
## Actively exploited flaws
The vulnerability in Google Chrome, tracked as CVE-2024-4761, has been confirmed by the vendor as actively exploited on May 13
Bleepingcomputer
Google fixes third actively exploited Chrome zero-day in a week
blogs_bleepingcomputer · 2024-05-15 · CVSS 8.8 [HIGH] · CVE-2024-4671
Sergiu Gatlan
Although such flaws generally enable threat actors to trigger browser crashes by reading or writing memory out of buffer bounds, they can also exploit them for arbitrary code execution on targeted devices.
The other two actively exploited Chrome zero-days patched this week are CVE-2024-4671 (a use-after-free flaw in the Visuals component) and CVE-2024-4761 (an out-of-bounds write bug in the V8 JavaScript engine).
Microsoft also said it's "aware of the recent exploits existing in the wild" targeting CVE-2024-4947 and that its engineers are "actively working on releasing a security fix" for the Chromium-based Edge web browser.
## Fix rolling out to Stable channel users
The company fixed the zero-day fla
Qualys
Get Weekends Back: Put Chrome CVEs like CVE-2024-5274 on Auto-Patching
blogs_qualys · 2024-05-11 · CVSS 9.6 [CRITICAL]
Table of Contents
- Using Qualys and Zero-Touch Patching to Mitigate Risks
- Leveraging Qualys for Enhanced Security
- Google Chrome Zero-Day Update CVE-2024-4947 May 15, 2024
- Google Chrome Zero-Day Update CVE-2024-5274 May 24, 2024
On May 9th, Google released an emergency update for its Chrome browser to patch a critical zero-day vulnerability, CVE-2024-4671. The "use after free" vulnerability affects the Visuals component of Chrome, which is responsible for rendering and displaying content. CVE-2024-4671 was identified and reported to Google by an anonymous researcher. The company has disclosed that this vulnerability is likely being actively exploited. This vulnerability exploits a flaw in which a program continues to use a memory pointer after it has been freed, potentially leading
References
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
- https://issues.chromium.org/issues/340221135
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4947
Timeline
- 2024-05-15: Published
- 2024-05-20: Added to CISA KEV
- Exploited in the wild