CVE-2024-0519

HIGH KEV

Google Chrome <120.0.6099.224 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2024-0519 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 17, 2024. EIP tracks 2 public exploits from researchers including Insaida, dbwlsdnr95.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2024-0519, demonstrating a V8 out-of-bounds memory access vulnerability in Chrome 120. It includes JavaScript triggers and C++ test harnesses to reproduce the bug, along with detailed root cause analysis.

Description

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (2)

nomisec WORKING POC

by Insaida · poc

https://github.com/Insaida/cve-2024-0519-rca-research

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2024-0519, demonstrating a V8 out-of-bounds memory access vulnerability in Chrome 120. It includes JavaScript triggers and C++ test harnesses to reproduce the bug, along with detailed root cause analysis.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Google Chrome V8 Engine 12.0.267.16

No auth needed

Prerequisites: V8 engine build environment · ARM64 macOS or Linux x86_64 · Xcode CLT · depot_tools

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 17, 2026 Full analysis →

nomisec WRITEUP

by dbwlsdnr95 · remote

https://github.com/dbwlsdnr95/CVE-2024-0519

View Code ZIP pw:eip

This repository provides a detailed technical analysis and simulation of CVE-2024-0519, a critical out-of-bounds memory access vulnerability in Google Chrome's V8 JavaScript engine. It includes a simulated exploit demonstrating the vulnerability's mechanics and a comprehensive writeup on the root cause and mitigation strategies.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Google Chrome V8 Engine < 120.0

No auth needed

Prerequisites: Vulnerable version of Google Chrome or V8 engine · Browser environment to run the simulation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Core References

Release Notes

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

Permissions Required

https://crbug.com/1517354

Broken Link, Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/

Broken Link, Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/

Third Party Advisory

https://www.couchbase.com/alerts/

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0519

Scores

CVSS v3 8.8

EPSS 0.0018

EPSS Percentile 39.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2024-01-17

VulnCheck KEV 2024-01-11

InTheWild.io 2024-01-11

ENISA EUVD EUVD-2024-16314

CWE

CWE-125 CWE-787

Status published

Products (4)

couchbase/couchbase_server < 7.2.5

fedoraproject/fedora 38

fedoraproject/fedora 39

google/chrome < 120.0.6099.224

Published Jan 16, 2024

KEV Added Jan 17, 2024

Tracked Since Feb 18, 2026