Type Confusion in V8 (CVE-2024-5274) #shorts #breaking

CVE

CVE-2024-5274 is a security vulnerability known as Type Confusion in V8, the JavaScript and WebAssembly engine used by Google Chrome. Discovered just 0 months ago, this is a zero-day vulnerability which means it has been actively exploited in the wild before a patch was available. Hackers can exploit this vulnerability using a specially crafted HTML page to execute arbitrary code within Chrome's sandbox environment. This issue affects all Google Chrome versions below 125.0.6422.112, making potential targets of various unknown users.

Watch the full video on YouTube: CVE-2024-5274

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-5274
Description
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Provider
Chrome
CWE / problem types
Type Confusion
Affected Software Versions
Google:Chrome:[{'version': '125.0.6422.112', 'status': 'affected', 'lessThan': '125.0.6422.112', 'versionType': 'custom'}]
Date Published
2024-05-28T14:44:31.558Z
Last Updated
2025-02-13T17:54:08.273Z