CVE-2024-7965

HIGH KEV

Google Chrome < 128.0.6613.84 - Out-of-Bounds Write

Title source: rule

Description

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (4)

nomisec WORKING POC 48 stars

by bi-zone · client-side

https://github.com/bi-zone/CVE-2024-7965

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by XueDugu · poc

https://github.com/XueDugu/cve-2024-7965-poc

View Code ZIP pw:eip

vulncheck_xdb

dos

https://github.com/XiaomingX/cve-2024-7965-poc

View on vulncheck_xdb

inthewild

poc

https://github.com/xiaomingx/cve-2024-7965-poc

View on inthewild

References (3)

[Release Notes] https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

[Permissions Required] https://issues.chromium.org/issues/356196918

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7965

Scores

CVSS v3 8.8

EPSS 0.2732

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-08-28

VulnCheck KEV 2024-08-21

InTheWild.io 2024-08-21

ENISA EUVD EUVD-2024-48798

CWE

CWE-358 CWE-787

Status published

Products (2)

google/chrome < 128.0.6613.84

microsoft/edge_chromium < 128.0.2739.42

Published Aug 21, 2024

KEV Added Aug 28, 2024

Tracked Since Feb 18, 2026