CVE-2024-2887

HIGH

Google Chrome < 123.0.6312.86 - Type Confusion


Description

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Exploits (3)

nomisec WRITEUP 17 stars
by rycbar77 · poc
https://github.com/rycbar77/CVE-2024-2887
nomisec WORKING POC 14 stars
by PumpkinBridge · poc
https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC
nomisec WORKING POC 1 star
by jjyuorg · poc
https://github.com/jjyuorg/reproduce-cve-2024-2887

Scores

CVSS v3 7.7
EPSS 0.0957
EPSS Percentile 92.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (4)
fedoraproject/fedora 38
fedoraproject/fedora 39
fedoraproject/fedora 40
google/chrome < 123.0.6312.86
Published Mar 26, 2024
Tracked Since Feb 18, 2026