CVERadar

CVE-2024-12053

Critical Severity
Google
SVRS: 80/100
CVSSv3: 8.8/10
EPSS: 0.00263/1

CVE-2024-12053: Type confusion vulnerability in Google Chrome before version 131.0.6778.108. A remote attacker could exploit object corruption through a specially crafted HTML page. This high severity Chromium security issue is categorized as a Type Confusion vulnerability (CWE-843) in V8, Chrome's JavaScript engine. With a SOCRadar Vulnerability Risk Score (SVRS) of 80, this vulnerability requires immediate attention and patching due to the potential for active exploitation in the wild. Successful exploitation could lead to arbitrary code execution and complete system compromise. Users should update their Chrome browsers to the latest version to mitigate this risk.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-12-03

2025-01-02
SOCRadar
AI Insight

Description

CVE-2024-12053 is a recently disclosed vulnerability with limited information available. While the CVSS score is currently 0, the SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a potential threat that warrants attention.

Key Insights

  • Limited Information: The lack of a detailed description suggests that the vulnerability might be newly discovered, and further investigation is needed to fully understand its nature and potential impact.
  • In The Wild: The "In The Wild" tag signifies that this vulnerability is already being actively exploited by attackers. This indicates the urgency to take immediate action to protect systems.
  • Potential for High SVRS: The SVRS of 36, although not indicating critical risk, suggests that the vulnerability could potentially escalate to a higher severity level as more information becomes available and its impact is better understood.

Mitigation Strategies

  • Monitor for Updates: Continuously monitor for updates and patches from the software vendor regarding CVE-2024-12053. Apply these updates as soon as they become available.
  • Intensify Threat Monitoring: Enhance security monitoring systems to detect potential exploitation attempts related to CVE-2024-12053. This may include analyzing network traffic, logs, and intrusion detection systems.
  • Implement Security Best Practices: Reinforce security best practices, including strong password policies, multi-factor authentication, and regular system hardening, to mitigate potential vulnerabilities.
  • Consult with Experts: Seek guidance from cybersecurity experts, such as SOCRadar analysts, to receive tailored recommendations based on your specific environment and system configurations.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-12053 | Google Chrome up to 131.0.6778.85 V8 type confusion (ID 379009 / Nessus ID 212027)
vuldb.com, 2025-02-22
A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component V8. The manipulation leads to type confusion. This vulnerability was named CVE-2024-12053. The attack can be initiated remotely. There is no exploit available. It is
The December 2024 Security Update Review
Dustin Childs, 2025-02-01 (zerodayinitiative.com)
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024
Google Pays $55,000 for High-Severity Chrome Browser Bug
Ionut Arghire, 2024-12-11 (feedburner.com)
Google pushes out major Chrome browser updates to fix multiple serious security defects. The post Google Pays $55,000 for High-Severity Chrome Browser Bug appeared first on SecurityWeek.
Patch Tuesday - December 2024
Adam Barnett, 2024-12-10 (rapid7.com)
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE. Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row
CISA listed Over 270 Critical Vulnerabilities That Were Fixed Last Week – What’s New!
Balaji N, 2024-12-10 (cybersecuritynews.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has published its latest vulnerability bulletin, detailing over 270 security vulnerabilities identified in the past week across a wide range of software and hardware. These vulnerabilities affect popular applications, operating systems, IoT devices, and development frameworks, posing significant risks if left unpatched. The vulnerabilities have been categorized using […] The post CISA listed Over 270 Critical Vulnerabilities That Were Fixed Last
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8)
Ajit Jasrotia, 2024-12-09 (allhackernews.com)
This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies […] The post ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 –
Stable Channel Update for Desktop
Prudhvikumar Bommana, 2024-12-08 (feedburner.com)
The Stable channel has been updated to 131.0.6778.108/.109 for Windows, Mac and 131.0.6778.108 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the https://chromium.googlesource.com/chromium/src/+log/131.0.6778.86..131.0.6778.108?pretty=fuller&n=10000

Social Media

(CVE-2024-12053)[379009132][$8000][wasm]Type Confusion is now open with PoC(crashes when calling toString() on a WASM function's return value in JS): https://t.co/nxrSoBveK5
Google Chrome Addresses High-Severity Flaw in V8 JavaScript Engine Find out how #Google #Chrome's latest update enhances your security. Learn about the high-severity vulnerability (CVE-2024-12053) and how it can be patched https://t.co/nVWzT1k82l
CVE-2024-12053 Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity High) https://t.co/7VYy099qrt

Affected Software

Configuration 1
Type  Vendor  Product
App   Google  chrome

References

Reference          Link
[email protected]  https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html
[email protected]  https://issues.chromium.org/issues/379009132
GITHUB             https://issues.chromium.org/issues/379009132

CWE Details

CWE ID: CWE-843
CWE Name: Access of Resource Using Incompatible Type ('Type Confusion')
Description: The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
