Search for vulnerabilities
Vulnerability details: VCID-7ysh-8taj-aaas
Vulnerability ID VCID-7ysh-8taj-aaas
Aliases CVE-2024-4947
Summary Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 2.0
Weighted Severity 8.6
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-416 Use After Free
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4947.json
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00223 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.09033 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
epss 0.23462 https://api.first.org/data/v1/epss?cve=CVE-2024-4947
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-4947
cvssv3 9.6 https://nvd.nist.gov/vuln/detail/CVE-2024-4947
cvssv3.1 9.6 https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4947.json
https://api.first.org/data/v1/epss?cve=CVE-2024-4947
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4947
https://issues.chromium.org/issues/340221135
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
2281874 https://bugzilla.redhat.com/show_bug.cgi?id=2281874
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-4947 https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Data source KEV
Date added May 20, 2024
Description Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date June 10, 2024
Note 
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html; https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4947.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4947
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.13576
EPSS Score 0.00046
Published At April 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-05-17T12:42:37.774847+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-4947 34.0.0rc4