CVE-2024-1939

HIGH

Google Chrome <122.0.6261.94 - Heap Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-1939. PoCs published by rycbar77.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2024-1939, leveraging a type confusion vulnerability in V8's WebAssembly-to-JavaScript conversion due to unsupported kWasmS128 operations. The exploit achieves arbitrary read/write primitives and includes a sandbox bypass via Regexp manipulation, ultimately executing an ORW chain to write the flag through stderr.

Description

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

nomisec WORKING POC 14 stars
by rycbar77 · poc
https://github.com/rycbar77/CVE-2024-1939

This repository contains a functional exploit PoC for CVE-2024-1939, leveraging a type confusion vulnerability in V8's WebAssembly-to-JavaScript conversion due to unsupported kWasmS128 operations. The exploit achieves arbitrary read/write primitives and includes a sandbox bypass via Regexp manipulation, ultimately executing an ORW chain to write the flag through stderr.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: V8 JavaScript Engine (Chromium-based browsers)
No auth needed
Prerequisites: Target must be running a vulnerable version of V8 · WebAssembly support enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 8.8
EPSS 0.0256
EPSS Percentile 83.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (4)
fedoraproject/fedora 38
fedoraproject/fedora 39
fedoraproject/fedora 40
google/chrome < 122.0.6261.94
Published Feb 29, 2024
Tracked Since Feb 18, 2026