CVE-2024-9122
Published: 25 September 2024
Summary
CVE-2024-9122 is a high-severity Type Confusion (CWE-843) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-9122 is a type confusion vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 129.0.6668.70. The flaw, assigned CWE-843, permits out-of-bounds memory access when a victim renders a specially crafted HTML page, and it carries a CVSS 3.1 base score of 8.8 reflecting high impact on confidentiality, integrity, and availability.
A remote attacker can exploit the issue without authentication by serving the malicious page to a target user; successful exploitation may allow arbitrary memory reads or writes that could lead to code execution or browser process compromise.
The referenced Chrome stable-channel update and Chromium issue tracker entry indicate that the vulnerability is resolved by upgrading to version 129.0.6668.70 or later. The associated EPSS score remains flat at 0.1501 with no reported real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49744
Vulnerability details
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.