⚠ Actively exploited
Added to CISA KEV on 2024-05-28. Federal agencies required to patch by 2024-06-18. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-5274Type Confusion in Google Chrome

CWE-843Type Confusion12 documents11 sources
Severity
9.6CRITICALNVD
EPSS
3.6%
top 12.22%
CISA KEV
KEV
Added 2024-05-28
Due 2024-06-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedMay 28
KEV addedMay 28
KEV dueJun 18
Latest updateAug 30
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

CVEListV5google/chrome125.0.6422.112125.0.6422.112
NVDgoogle/chrome< 125.0.6422.112
Debianchromium/chromium< 125.0.6422.112-1~deb12u1+2

Also affects: Fedora 39, 40

🔴Vulnerability Details

3
OSV
CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 1252024-05-28
CVEList
CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 1252024-05-28
VulnCheck
Google Chromium V8 Type Confusion Vulnerability2024

📋Vendor Advisories

5
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-52742024-06-10
CISA
Google Chromium V8 Type Confusion Vulnerability2024-05-28
Red Hat
chromium-browser: another type Confusion in V82024-05-23
Microsoft
Chromium: CVE-2024-5274 Type Confusion in V82024-05-14
Debian
CVE-2024-5274: chromium - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote a...2024

🕵️Threat Intelligence

2
Microsoft
North Korean threat actor Citrine Sleet exploiting Chromium zero-day2024-08-30
Qualys
Get Weekends Back: Put Chrome CVEs like CVE-2024-5274 on Auto-Patching2024-05-11
CVE-2024-5274 — Type Confusion in Google Chrome | cvebase