CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-4948

Medium Severity
Google
SVRS
30/100
CVSSv3
6.5/10
EPSS
0.00332/1

CVE-2024-4948 is a use-after-free vulnerability in Google Chrome that allows a remote attacker to potentially corrupt the heap. This flaw exists in Dawn, a component of Google Chrome, in versions prior to 125.0.6422.60. The vulnerability could be exploited by crafting a malicious HTML page. While the CVSS score is 6.5, indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a lower immediate risk compared to vulnerabilities with scores above 80. However, it's crucial to patch this vulnerability, especially since it's categorized as high severity by Chromium. Successfully exploiting CVE-2024-4948 could lead to arbitrary code execution, potentially compromising the user's system. Organizations should prioritize updating Chrome to the latest version to mitigate this cybersecurity risk. The presence of the "In The Wild" tag suggests potential active exploitation.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:U
C:N
I:N
A:H
PUBLICATION DATE2024-05-15
LAST MODIFIED2024-12-19
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-4948 is a use-after-free vulnerability in Dawn, a component of Google Chrome. This vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The CVSS score for this vulnerability is 0, indicating a low severity. However, SOCRadar's SVRS assigns a score of 30, indicating a moderate risk.

Key Insights:

  • This vulnerability could allow an attacker to execute arbitrary code on a victim's system.
  • The vulnerability is exploitable via a crafted HTML page, making it easy for attackers to target victims.
  • The vulnerability is not currently being actively exploited in the wild.

Mitigation Strategies:

  • Update Google Chrome to version 125.0.6422.60 or later.
  • Use a web browser that is not affected by this vulnerability, such as Firefox or Safari.
  • Be cautious when opening links from unknown sources.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.
  • There are no known threat actors or APT groups that are actively exploiting this vulnerability.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-4948 | Google Chrome up to 124.0.6367.207 Dawn use after free (ID 333414)
vuldb.com2025-03-29
CVE-2024-4948 | Google Chrome up to 124.0.6367.207 Dawn use after free (ID 333414) | A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Dawn. The manipulation leads to use after free. This vulnerability is known as CVE-2024-4948. The attack can be launched remotely. There is no exploit available. It is
vuldb.com
rss
forum
news
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week - securityaffairs.com
2024-05-16
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week - securityaffairs.com | News Content: Google fixes seventh actively exploited Chrome zero-day this year, the third in a week Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is a type confusion that resides in
google.com
rss
forum
news
Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild - CybersecurityNews
2024-05-16
Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild - CybersecurityNews | News Content: Google has released an emergency security update for its Chrome web browser to patch a high-severity vulnerability that is being actively exploited by attackers in the wild. The zero-day flaw, tracked as CVE-2024-4947, is a type confusion bug in the V8 JavaScript engine that could allow remote code execution attacks. A type confusion bug in the V8 JavaScript engine refers to a vulnerability where the engine incorrectly interprets the type of an object, leading to logical errors and potentially allowing
google.com
rss
forum
news
Vulnerability Summary for the Week of May 13, 2024
CISA2024-05-20
; The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 <a href="https://nvd.nist.gov/cvss.cfm?version=2&amp;name=CVE-2024-4567&amp;vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" target="_blank" title
cve-2023-52695
cve-2024-4231
cve-2024-4968
cve-2024-4666
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week - Security Affairs
2024-05-16
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week - Security Affairs | News Content: Google fixes seventh actively exploited Chrome zero-day this year, the third in a week Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is a type confusion that resides
google.com
rss
cve-2024-4949
cve-2024-0519
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week
Pierluigi Paganini2024-05-16
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week | Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is [&#8230;] <h2 class="wp-block
cve-2024-0519
cve-2024-4947
cve-2024-2887
cve-2024-4761
CVE-2024-4947- Google Chrome Zero-Day Under Attack: Urgent Patch Released
ddos2024-05-16
CVE-2024-4947- Google Chrome Zero-Day Under Attack: Urgent Patch Released | Google has urgently released patches for a newly discovered zero-day flaw in Chrome, following reports of active exploitation by unknown attackers. The vulnerability, catalogued as CVE-2024-4947, affects the V8 JavaScript engine integral to Google&#8217;s&#46;&#46;&#46; The post CVE-2024-4947- Google Chrome Zero-Day Under Attack: Urgent Patch Released appeared first on InfoTech &amp; InfoSec News<
cve-2024-4947
cve-2024-4948
cve-2024-4949
cve-2024-4950

Social Media

https://t.co/6og05kITFA - Google released Chrome 125 addressing nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, acknowledged to be exploited in the wild. Updates are advised due…
0
0
0
CVE-2024-4948 Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) https://t.co/jLJM7pGjat
0
0
0
CVE-2024-4948 Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secur… https://t.co/IS9VjEeelH
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppGooglechrome
Configuration 2
TypeVendorProduct
OSFedoraprojectfedora

References

ReferenceLink
[email protected]https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
[email protected]https://issues.chromium.org/issues/333414294
[email protected]https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
[email protected]https://issues.chromium.org/issues/333414294
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
AF854A3A-2127-422B-91AE-364DA2661108https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
AF854A3A-2127-422B-91AE-364DA2661108https://issues.chromium.org/issues/333414294
AF854A3A-2127-422B-91AE-364DA2661108https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
AF854A3A-2127-422B-91AE-364DA2661108https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
AF854A3A-2127-422B-91AE-364DA2661108https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
[email protected]https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
[email protected]https://issues.chromium.org/issues/333414294
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/

CWE Details

CWE IDCWE NameDescription
CWE-416Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence