CVE-2024-0519

CVSS v3.1 8.8 (High)

EPSS 0.21 % (59^th)

Affected Products 3

Advisories 14

NVD Status Analyzed

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Weaknesses

CWE-125: Out-of-bounds Read
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Chrome
Published Date: 2024-01-16 22:15:37
(7 months ago)
Updated Date: 2024-08-14 19:40:57
(3 weeks ago)

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

Vendor: Google
Product: Chromium V8
In CISA Catalog from: 2024-01-17
(7 months ago)
Due Date: 2024-02-07
(7 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Google Chrome prior 120.0.6099.224 version	cpe:2.3:a:google:chrome		< 120.0.6099.224

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 38	cpe:2.3:o:fedoraproject:fedora:38
	Fedoraproject Fedora 39	cpe:2.3:o:fedoraproject:fedora:39

Configuration #3

		CPE23	From	Up To
	Couchbase Server prior 7.2.5 version	cpe:2.3:a:couchbase:couchbase_server		< 7.2.5

Weaknesses

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Affected Products

Couchbase

Fedoraproject

Google

Configuration #1

Configuration #2

Configuration #3