CVE-2024-12692
Published: 18 December 2024
Summary
CVE-2024-12692 is a high-severity Type Confusion (CWE-843) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is a type confusion flaw, tracked as CWE-843, in the V8 JavaScript engine of Google Chrome versions prior to 131.0.6778.204. It carries a CVSS 3.1 base score of 8.8 and was assigned high severity by the Chromium project, with the root cause allowing heap corruption when processing malicious input.
A remote attacker can exploit the issue without authentication by serving a crafted HTML page that triggers the type confusion during JavaScript execution. Successful exploitation can result in heap corruption that leads to confidentiality, integrity, and availability impacts on the affected browser process.
The referenced Chrome stable channel update and associated Chromium issue tracker entry indicate that the flaw is resolved by upgrading to version 131.0.6778.204 or later. The EPSS score has remained low, with a current value of 0.0539 and a peak of 0.0685.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51051
Vulnerability details
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.