CVE-2024-1939
Published: 29 February 2024
Summary
CVE-2024-1939 is a high-severity Type Confusion (CWE-843) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 2.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Type Confusion in the V8 JavaScript engine of Google Chrome versions prior to 122.0.6261.94 enables heap corruption. The flaw is tracked as CWE-843 and received a CVSS 3.1 base score of 8.8, reflecting network attack vector, low complexity, and no required privileges beyond a user visiting a malicious page.
A remote attacker can deliver a crafted HTML page that triggers the type confusion, potentially allowing arbitrary code execution or memory corruption within the renderer process. Successful exploitation could compromise confidentiality, integrity, and availability of the affected browser instance.
Chrome stable channel updates released on 27 February 2024 upgraded V8 to version 122.0.6261.94 and later, closing the issue. Corresponding packages were issued for Fedora systems to facilitate deployment of the fixed Chrome builds.
EPSS scores have remained near 0.46 with only minor fluctuation since disclosure, indicating no pronounced post-release surge in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17661
Vulnerability details
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.