CVE-2024-4947

May 15, 2024, 9:15 p.m.

None
No Score

Description

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Product(s) Impacted

Product Versions
Google Chrome
  • before 125.0.6422.60

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://issues.chromium.org/issues/340221135

Tags

chrome-cve-admin@google.com
2024-05-15
CVE-2024-4947

Timeline

Published: May 15, 2024, 9:15 p.m.
Last Modified: May 15, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

chrome-cve-admin@google.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-4947 using threat intelligence.

  • Citrine Sleet
  • Lazarus
  • Kaolin
  • Manuscrypt

Linked Attack Reports

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat ac…
fudmodule
CVE-2024-7971
2024-09-02
diamond sleet
citrine sleet
hidden cobra
Published: September 2, 2024
Linked vulnerabilities : CVE-2024-4947, CVE-2024-5274, CVE-2024-38106 (CVSS 7.0), CVE-2024-38193 (CVSS 7.8), CVE-2024-7971 (CVSS 8.8), CVE-2023-42793, CVE-2024-21338
Downloadable IOCs: 2

Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

Lazarus APT launched a sophisticated attack campaign using a decoy MOBA game website to exploit a zero-day vulnerability in Google Chrome. The exploit allowed remote code execution and bypassed the V8 sandbox. The attackers used social engineering tactics on social media to promote the fake game, w…
apt
exploit
social engineering
cryptocurrency
zero-day
CVE-2024-4947
2024-10-23
google chrome
manuscrypt
game
v8 sandbox
Published: October 23, 2024
Linked vulnerabilities : CVE-2024-4947
Downloadable IOCs: 2

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.