CVE-2024-0519

HIGH CISA KEV EPSS 88.6%
Published Jan 16, 20242y ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
High
Find Similar
Published Jan 16, 2024 2y ago
Last Modified Jun 17, 2026 1w ago
KEV Listed Jan 17, 2024 2y ago
KEV Due Feb 7, 2024 874d overdue

Description

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 874d
Added
Jan 17, 2024
Due
Feb 7, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability
88.6% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read Memory Safety
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 4

VendorProductVersionRange
googlechrome* <120.0.6099.224
fedoraprojectfedora38any
fedoraprojectfedora39any
couchbasecouchbase_server* <7.2.5

References 6

  • chromereleases.googleblog.com https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
    Release Notes
  • crbug.com https://crbug.com/1517354
    Permissions Required
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/
    Broken LinkMailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/
    Broken LinkMailing List
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0519
    US Government Resource
  • couchbase.com https://www.couchbase.com/alerts/
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.