CVE-2024-12381
Published: 12 December 2024
Summary
CVE-2024-12381 is a high-severity Type Confusion (CWE-843) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 8.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-12381 is a type confusion vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 131.0.6778.139. The flaw, assigned CWE-843, can result in heap corruption when a specially crafted HTML page is processed. It carries a CVSS 3.1 score of 8.8, reflecting high impact on confidentiality, integrity, and availability.
A remote attacker can trigger the issue by convincing a user to visit a malicious web page, allowing potential exploitation of the resulting memory corruption without requiring authentication or elevated privileges.
The referenced Chrome stable channel update and Chromium issue tracker entry indicate that the vulnerability is addressed by upgrading to version 131.0.6778.139 or later.
EPSS for this CVE rose from lower values to a peak of 0.1094 on 2026-02-23 before receding to the current 0.0663, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50815
Vulnerability details
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CWE(s): CWE-843 (Type Confusion)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.