CVE-2024-5274
Published 2024-05-28
CVSS 3.1: 9.6 (critical)
CISA Known Exploited Vulnerability, remediation due 2024-06-18
Exploited in the wild
EPSS: 10.02% (95.0th percentile)
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 125.0.6422.112-1~deb12u1 | 125.0.6422.112-1~deb12u1 |
| chromium | chromium | >= 0 < 125.0.6422.112-1 | 125.0.6422.112-1 |
| chromium | chromium | >= 0 < 125.0.6422.112-1 | 125.0.6422.112-1 |
| debian | chromium | < chromium 125.0.6422.112-1~deb12u1 (bookworm) | chromium 125.0.6422.112-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | — | < 125.0.6422.112 | 125.0.6422.112 |
| chrome | — | >= 125.0.6422.112 < 125.0.6422.112 | 125.0.6422.112 |
| chrome_chrome | — | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- The Chrome exploit chain for CVE-2024-5274 targets Android users running Chrome versions m121 to m123; detections should focus on unpatched Chrome versions below 125.0.6422.112 on Android devices visiting compromised Mongolian government sites.
- The exploit delivery uses obfuscated JavaScript to inject a malicious iframe; monitor for obfuscated JS dynamically injecting iframes pointing to attacker-controlled domains with 'personalization_id=' query parameters.
- The exploit chain uses an IndexedDB database named 'tracker' on the client side to store status information; the presence of an IndexedDB store named 'tracker' created by a suspicious origin may indicate active exploitation.
- A unique session identifier matching the format of 25-character alphanumeric strings (e.g., '2msa5mmjhqxpdsyb5vlcnd2t') is passed as the 'tt=' URL parameter across all exploit stages; monitor for this pattern in HTTP requests to suspicious domains.
- The exploit uses ECDH key exchange before sending exploit stages; unlike earlier campaigns that used a static decryption key from C2, detection of dynamic ECDH-based key negotiation in early HTTP exchanges may indicate this exploit chain.
- CVE-2024-5274 is chained with CVE-2024-4671 (sandbox escape); detections should look for the combined exploitation of both vulnerabilities in the same session, as CVE-2024-5274 alone only compromises the renderer.
- The CVE-2024-5274 exploit was effective only against Chrome versions m121 through m123 on Android; devices running Chrome 125.0.6422.112 or later are patched and not vulnerable.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| osv | 9.6 | CRITICAL | — |
| vulncheck | 9.6 | CRITICAL | — |
| cisa | 9.6 | CRITICAL | — |
| vendor_debian | 9.6 | CRITICAL | — |
| vendor_msrc | 9.6 | CRITICAL | — |
| vendor_redhat | 9.6 | CRITICAL | — |
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-5274
vendor_chrome · 2024-06-10 · CVSS 9.6
CISA
Google Chromium V8 Type Confusion Vulnerability
cisa · 2024-05-28 · CVSS 9.6 · CWE-843
Affected: Google Chromium V8
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2024-5274
Remediation Due Date: 2024-06-18
Red Hat
chromium-browser: another type Confusion in V8
vendor_redhat · 2024-05-23 · CVSS 9.6 · CWE-843
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Statement: Chromium is not shipped in any supported Red Hat offerings.
Mitigation: Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.
Package: chromium-browser (Red Hat Enterprise Linux 6) - Out of support scope
Microsoft
Chromium: CVE-2024-5274 Type Confusion in V8
vendor_msrc · 2024-05-14 · CVSS 9.6
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware that an exploit for CVE-2024-5274 exists in the wild.
FAQ:
| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 125.0.2535.67 | 5/23/2024 | 125.0.6422.112 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
Debian
CVE-2024-5274: chromium - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote a...
vendor_debian · 2024 · CVSS 9.6
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.112-1~deb12u1)
bullseye: open
forky: resolved (fixed in 125.0.6422.112-1)
sid: resolved (fixed in 125.0.6422.112-1)
trixie: resolved (fixed in 125.0.6422.112-1)
OSV
CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 125
osv · 2024-05-28 · CVSS 9.6
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
VulnCheck
Google Chromium V8 Type Confusion Vulnerability
vulncheck · 2024 · CVSS 9.6 · CWE-843
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/up
No detection rules found.
No public exploits indexed.
Tenable
Cybersecurity Snapshot: Schools Suffer Heavy Downtime Losses Due To Ransomware, as Banks Grapple with AI Challenges
blogs_tenable · 2024-08-30
Microsoft
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
blogs_microsoft · 2024-08-30 · CVSS 9.6 · CVE-2024-7971 [CRITICAL]
Research, August 30, 2024
## Indicators of compromise
During the attacks, Microsoft observed the following IOCs:
voyagorclub[.]space
weinsteinfrog[.]com
## References
https://nvd.nist.gov/vuln/detail/CVE-2024-7971
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
https://nvd.nist.gov/vuln/detail/CVE-2024-4947
https://nvd.nist.gov/vuln/detail/CVE-2024-5274
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf
https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf
https://decoded.avas
Google Tag
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
blogs_google_tag · 2024-08-29
Threat Analysis Group, Aug 29, 2024
Today, we’re sharing that Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices. We assess with moderate confidence the campaigns are linked to the Russian government-backed actor APT29. In each iteration o
Bleepingcomputer
Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors
blogs_bleepingcomputer · 2024-08-29 · CVSS 6.1 [MEDIUM]
By Bill Toulas
A watering hole is a cyberattack where a legitimate site is compromised with malicious code designed to deliver payloads to visitors that meet specific criteria, like device architecture or location (IP-based).
Interestingly, TAG notes that APT29 used exploits that were almost identical to those used by commercial surveillance-ware vendors like NSO Group and Intellexa, who created and leveraged the flaws as zero days when no fix was available.
## Timeline of attacks
Google's threat analysts note that APT29 has a long history of exploiting zero-day and n-day vulnerabilities.
In 2021, the Russian cyber-operatives exploited CVE-2021-1879 as a zero-day, targeting government officials in Eastern Eu
Bleepingcomputer
Google tags a tenth Chrome zero-day as exploited this year
blogs_bleepingcomputer · 2024-08-26 · CVSS 8.8 · CVE-2024-7971 [HIGH]
By Sergiu Gatlan
This was announced in an update to a blog post where the company revealed last week that it had fixed another high-severity zero-day vulnerability (CVE-2024-7971) caused by a V8 type confusion weakness.
"Updated on 26 August 2024 to reflect the in the wild exploitation of CVE-2024-7965 which was reported after this release," the company said in today's update. "Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild."
Google has fixed both zero-days in Chrome version 128.0.6613.84/.85 for Windows/macOS systems and version 128.0.6613.84 Linux users, which have been rolling out to all users in the Stable Desktop channel since Wednesday.
Even though Chrome will automatically update
Bleepingcomputer
Google fixes ninth Chrome zero-day tagged as exploited this year
blogs_bleepingcomputer · 2024-08-21 · CVSS 8.8 · CVE-2024-7971 [HIGH]
By Sergiu Gatlan
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks.
"Google is aware that an exploit for CVE-2024-7971 exists in the wild," the company said in an advisory published on Wednesday.
This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome's V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) reported it on Monday.
Although such security flaws can commonly enable attackers to trigger browser crashes after data allocated into memory is interpreted as a different type, they can also exploit them for arbitra
Checkpoint
27th May – Threat Intelligence Report
blogs_checkpoint · 2024-05-27
For the latest discoveries in cyber research for the week of 20th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
A data breach has exposed 500GB of Indian biometric data, affecting Indian police, military personnel, and other public workers during elections in India. The leak stemmed from unsecured databases managed by ThoughtGreen Technologies and Timing Technologies, comprising sensitive information like fingerprints and facial scans. The
Bleepingcomputer
Google fixes eighth actively exploited Chrome zero-day this year
blogs_bleepingcomputer · 2024-05-24 · CVSS 8.8 [HIGH]
By Bill Toulas
A "type confusion" vulnerability occurs when a program allocates a piece of memory to hold a certain type of data but mistakenly interprets the data as a different type. This can lead to crashes, data corruption, as well as arbitrary code execution.
Google has not shared technical details about the flaw to protect users from potential exploitation attempts from other threat actors and allow them to install a browser version that addresses the problem.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said the t
Qualys
Get Weekends Back: Put Chrome CVEs like CVE-2024-5274 on Auto-Patching | Qualys
blogs_qualys · 2024-05-11 · CVSS 9.6 · CVE-2024-4671 [CRITICAL]
Table of Contents
- Using Qualys and Zero-Touch Patching to Mitigate Risks
- Leveraging Qualys for Enhanced Security
- Google Chrome Zero-Day Update CVE-2024-4947 May 15, 2024
- Google Chrome Zero-Day Update CVE-2024-5274 May 24, 2024
On May 9th, Google released an emergency update for its Chrome browser to patch a critical zero-day vulnerability, CVE-2024-4671. The “use after free” vulnerability affects the Visuals component of Chrome, which is responsible for rendering and displaying content. CVE-2024-4671 was identified and reported to Google by an anonymous researcher. The company has disclosed that this vulnerability is likely being actively exploited. This vulnerability exploits a flaw in which a program continues to use a memory pointer after it has been freed, potentially le
References:
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
- https://issues.chromium.org/issues/341663589
- https://lists.fedoraproject.org/archives/list/[email protected]/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5274

Timeline:
- 2024-05-28: Published
- 2024-05-28: Added to CISA KEV
- Exploited in the wild