CVE-2024-5274

May 28, 2024, 5:11 p.m.

None
No Score

Description

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Product(s) Impacted

Product Versions
Google Chrome
  • ['before 125.0.6422.112']
chrome
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
https://issues.chromium.org/issues/341663589

Tags

chrome-cve-admin@google.com
CWE-843
2024-05-28
CVE-2024-5274

Timeline

Published: May 28, 2024, 3:15 p.m.
Last Modified: May 28, 2024, 5:11 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

chrome-cve-admin@google.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-5274 using threat intelligence.

  • Citrine Sleet
  • Kaolin

Linked Attack Reports

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat ac…
fudmodule
CVE-2024-7971
2024-09-02
diamond sleet
citrine sleet
hidden cobra
Published: September 2, 2024
Linked vulnerabilities : CVE-2024-4947, CVE-2024-5274, CVE-2024-38106 (CVSS 7.0), CVE-2024-38193 (CVSS 7.8), CVE-2024-7971 (CVSS 8.8), CVE-2023-42793, CVE-2024-21338
Downloadable IOCs: 2

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.