CVE-2024-5830
Published: 11 June 2024
Summary
CVE-2024-5830 is a high-severity Type Confusion (CWE-843) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked in the top 6.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-5830 is a type confusion vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 126.0.6478.54. The flaw, tracked under CWEs 843 and 787, permits an out-of-bounds memory write when a victim visits a specially crafted HTML page. It carries a CVSS 3.1 base score of 8.8 and was rated High severity by the Chromium project.
A remote attacker can exploit the issue without authentication by serving malicious web content that triggers the type confusion during JavaScript execution. Successful exploitation grants the ability to corrupt memory outside intended bounds, which can be leveraged to achieve arbitrary code execution or other high-impact effects on the confidentiality, integrity, and availability of the browser process.
Chrome stable channel updates released on 11 June 2024 advise users to upgrade immediately to version 126.0.6478.54 or later; downstream distributions such as Fedora have published corresponding package advisories directing administrators to apply the patched builds. The EPSS score has remained flat at 0.0976 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46976
Vulnerability details
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Type confusion vulnerability in Chrome V8 JavaScript engine enables remote attackers to achieve out-of-bounds memory write via crafted HTML page, facilitating drive-by compromise (T1189) and exploitation for client execution (T1203).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.