CVERadar

CVE-2024-0519

Critical Severity
Google
SVRS: 82/100
CVSSv3: 8.8/10
EPSS: 0.00048/1

CVE-2024-0519 is a critical out-of-bounds memory access vulnerability in Google Chrome. Exploiting this flaw, a remote attacker could potentially cause heap corruption through a specially crafted HTML page. With an SVRS of 82, this vulnerability demands immediate attention and remediation. The high SVRS signifies that this CVE is being actively exploited or has a high likelihood of exploitation. Given its presence in the wild and with available exploits, patching this vulnerability is paramount to prevent potential system compromise. This vulnerability can lead to arbitrary code execution, data theft, or denial of service. The CISA KEV tag further emphasizes the urgency of addressing this threat.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-01-16

2024-12-20
SOCRadar AI Insight

Description:

Information regarding CVE-2024-0519 is currently unavailable. The Common Vulnerability Scoring System (CVSS) score, description, modification, and publication dates are not provided. Additionally, the SOCRadar Vulnerability Risk Score (SVRS) is not available. Therefore, the urgency and severity of the threat cannot be determined.

Key Insights:

Due to the lack of information, it is not possible to extract key insights regarding the cybersecurity implications of CVE-2024-0519.

Mitigation Strategies:

Since the details of CVE-2024-0519 are unknown, specific mitigation strategies cannot be recommended.

Additional Information:

If users have further inquiries regarding this incident, they can utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
JohnHormond/CVE-2024-0519-Chrome-exploit | https://github.com/JohnHormond/CVE-2024-0519-Chrome-exploit | 2024-03-04
Oxdestiny/CVE-2024-0519-Chrome-exploit | https://github.com/Oxdestiny/CVE-2024-0519-Chrome-exploit | 2024-03-27
Ostorlab/KEV | https://github.com/Ostorlab/KEV | 2022-04-19
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability | https://www.cisa.gov/search?g=CVE-2024-0519 | 2024-01-17
Threekiii/CVE | https://github.com/Threekiii/CVE | 2023-01-05

News

Chrome Patches First Zero-Day of 2024 Exploited in the Wild
admin, 2024-12-24
Google released an emergency fix for the first zero-day vulnerability of the year in its Chrome web browser, warning that the bug is under active exploitation. The Silicon Valley giant disclosed limited details Tuesday in an advisory detailing little about the vulnerability, tracked as CVE-2024-0519, other than saying it is an out-of-bounds memory access flaw […] The post Chrome Patches First Zero-Day of 2024 Exploited in the
dataprotectioncenter.com
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability - The Hacker News
2024-05-16
News Content: Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024. Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. It can have
google.com
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation - The Hacker News
2024-05-14
News Content: Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs could be typically exploited by malicious actors to corrupt data, or induce a crash or execute arbitrary code on compromised hosts
google.com
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation - The Hacker News
2024-08-27
News Content: Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of
google.com
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild - The Hacker News
2024-08-22
News Content: Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National
google.com
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
Ajit Jasrotia, 2024-10-15
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, […] The post The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
cve-2024-0519
Google fixes ninth Chrome zero-day tagged as exploited this year - BleepingComputer
2024-08-21
News Content: By Sergiu Gatlan 05:43 PM Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. "Google is aware that an exploit for CVE-2024-7971 exists in the wild," the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome's V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) reported it on
cve-2024-7971
cve-2024-2887
cve-2024-0519
cve-2024-3159

Social Media

@xvonfers lmao! This is me but for CVE-2024-0519 😆
RT @mistymntncop: CVE Cold Case. Isn't it crazy that even after a year we basically know nothing about the V8 ITW CVE-2024-0519. How is the…
Important security update for Google Chrome: protection against the CVE-2024-0519 vulnerability https://t.co/gbrZ3XPcnd #CVE-2024-0519 #Google Chrome security update #Chrome vulnerability #Heap corruption exploitation #V8 engine security flaw #Trending #Tech #News
actively exploited #Chrome 0 days in this year. CVE-2024-0519: OOB in V8. #itw(2024.1) CVE-2024-2887: type confusion in WebAssembly.(2024.3) CVE-2024-2886: UAF in WebCodecs. (2024.3) CVE-2024-3159: OOB in V8.(2024.3) CVE-2024-4671: Heap corruption in Blink. #itw(2024.5)
@buptdsb @alisaesage Yeah I was saddened they did not open the issue page for CVE-2024-0519 even after 14 weeks :'(. Unironically I think the best source of info on vulns is twitter at the moment....
@alisaesage CVE-2024-0519 is the one that eludes me so far. I kinda thought the issue page would be open by now...

Affected Software

Configuration 1
Type | Vendor | Product
App | Google | chrome

Configuration 2
Type | Vendor | Product
OS | Fedoraproject | fedora

Configuration 3
Type | Vendor | Product
App | Couchbase | couchbase_server

References

Reference | Link
[email protected] | https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
[email protected] | https://crbug.com/1517354
[email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/
[email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/
[email protected] | https://www.couchbase.com/alerts/
AF854A3A-2127-422B-91AE-364DA2661108 | https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://crbug.com/1517354
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.couchbase.com/alerts/

CWE Details

CWE ID | CWE Name | Description
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
CWE-125 | Out-of-bounds Read | The software reads data past the end, or before the beginning, of the intended buffer.
