CVE-2024-4947

CRITICAL KEV

Google Chrome <125.0.6422.60 - RCE

Title source: llm

Description

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Exploits (2)

nomisec WORKING POC 29 stars

by bjrjk · client-side

https://github.com/bjrjk/CVE-2024-4947

View Code ZIP pw:eip

vulncheck_xdb

client-side

https://github.com/DiabloX90911/CVE-2024-4947

View on vulncheck_xdb

References (6)

[Vendor Advisory] https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html

[Exploit, Issue Tracking] https://issues.chromium.org/issues/340221135

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4947

Scores

CVSS v3 9.6

EPSS 0.0036

EPSS Percentile 57.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2024-05-20

VulnCheck KEV 2024-05-13

InTheWild.io 2024-05-13

ENISA EUVD EUVD-2024-44509

Classification

CWE

CWE-843

Status published

Affected Products (4)

google/chrome < 125.0.6422.60

fedoraproject/fedora

Timeline

Published May 15, 2024

KEV Added May 20, 2024

Tracked Since Feb 18, 2026