CVE-2024-2887

HIGH

Google Chrome < 123.0.6312.86 - Remote Code Execution via WebAssembly Type Confusion

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-2887. PoCs published by rycbar77, PumpkinBridge, jjyuorg.

AI-analyzed exploit summary: This writeup describes CVE-2024-2887, a V8 WebAssembly type confusion vulnerability allowing addrof and fakeobj primitives via overflowing the kV8MaxWasmTypes limit. The exploit leverages WasmModuleBuilder to manipulate type indices and achieve memory corruption.

Description

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Exploits (4)

nomisec WRITEUP 17 stars
by rycbar77 · poc
https://github.com/rycbar77/CVE-2024-2887

This writeup describes CVE-2024-2887, a V8 WebAssembly type confusion vulnerability allowing addrof and fakeobj primitives via overflowing the kV8MaxWasmTypes limit. The exploit leverages WasmModuleBuilder to manipulate type indices and achieve memory corruption.

Classification
Writeup 90%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: V8 (Chromium-based browsers)
No auth needed
Prerequisites: V8 engine with WebAssembly support · Ability to execute arbitrary JavaScript
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 14 stars
by PumpkinBridge · poc
https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC

This PoC demonstrates a type confusion vulnerability in Google Chrome's WebAssembly (Wasm) implementation, leading to arbitrary WASM type confusion and potential remote code execution (RCE). It exploits a flaw where canonicalized type indexes are mistakenly treated as normal type indexes, allowing manipulation of memory structures.

Classification
Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: Google Chrome (specific version not specified)
No auth needed
Prerequisites: Access to a vulnerable version of Google Chrome · Ability to execute JavaScript in the browser context
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by jjyuorg · poc
https://github.com/jjyuorg/reproduce-cve-2024-2887

This PoC exploits a type confusion vulnerability in V8's WebAssembly GC implementation by generating a large number of struct types to trigger a crash or bug. It automates the process of testing different type counts to find the threshold that causes the issue.

Classification
Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: V8 JavaScript Engine (with --experimental-wasm-gc flag)
No auth needed
Prerequisites: Access to V8 d8 binary · wat2wasm tool · WebAssembly GC enabled
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by ad3210 · htmlpoc
https://github.com/ad3210/CVE-2024-2887-REPORT

The repository contains a functional exploit PoC for CVE-2024-2887, demonstrating a type confusion vulnerability in Google Chrome's WebAssembly (WASM) garbage-collection handling. The exploit leverages canonical type ID wraparound to bypass type checks and achieve arbitrary memory read/write, leading to remote code execution.

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Google Chrome versions 123 and earlier
No auth needed
Prerequisites: WebAssembly support in the target browser · Ability to execute JavaScript in the browser context
devstral-2 · analyzed Jun 11, 2026

Scores

CVSS v3 7.7
EPSS 0.1988
EPSS Percentile 97.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-843
Status published
Products (4)
fedoraproject/fedora 38
fedoraproject/fedora 39
fedoraproject/fedora 40
google/chrome < 123.0.6312.86
Published Mar 26, 2024
Tracked Since Feb 18, 2026