CVERadar

CVE-2024-5158

Medium Severity
Google
SVRS: 30/100
CVSSv3: 8.1/10
EPSS: 0.00148/1

CVE-2024-5158 is a critical type confusion vulnerability in the V8 JavaScript engine of Google Chrome. The flaw, present in versions prior to 125.0.6422.76, enables a remote attacker to potentially achieve arbitrary read/write capabilities by crafting a malicious HTML page that exploits the type confusion. Despite the High CVSS score of 8.1, the SOCRadar Vulnerability Risk Score (SVRS) is 30. An SVRS of 30 indicates a lower immediate threat level than scores above 80, but the presence of the "In The Wild" tag suggests that this vulnerability is actively being exploited, so patching should be a high priority. Successful exploitation could lead to significant security breaches, including data theft and unauthorized code execution. Addressing this vulnerability is crucial for maintaining the security and integrity of Chrome browsers.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
2024-05-22

2024-12-19

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-5158 | Google Chrome up to 125.0.6422.60 V8 type confusion
vuldb.com, 2025-03-28
A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component V8. The manipulation leads to type confusion. This vulnerability is traded as CVE-2024-5158. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the
Vulnerability Recap 5/27/24: Google, Microsoft & GitLab Fixes - eSecurity Planet
2024-05-27
URL: https://www.esecurityplanet.com/threats/vulnerability-recap-may-27-2024/
Description: In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow flaw. Fluent Bit published a version upgrade following a memory corruption vulnerability. GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues. Google Chrome had its eighth zero-day exploit, triggering an emergency upgrade. Additionally, CISA’s exploited vulnerabilities list now includes Apache Flink’s long-standing access control issue. With these
cve-2024-5157
cve-2024-5160
cve-2024-29849
cve-2024-5159
Long Term Support Channel Update for ChromeOS
Giuliana Pritchard, 2024-06-03
LTS-120 is being updated in the LTS (Long Term Support) channel, version 120.0.6099.313 (Platform Version: 15662.110.0), for most ChromeOS devices.
blogger.com
Vulnerability Recap 5/27/24: Google, Microsoft & GitLab Fixes - eSecurity Planet
2024-05-27
Description: In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow flaw. Fluent Bit published a version upgrade following a memory corruption vulnerability. GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues. Google Chrome had its eighth zero-day exploit, triggering an emergency upgrade. Additionally, CISA’s exploited vulnerabilities list now includes Apache Flink’s long-standing access control issue. With these new fixes and updates
google.com
Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes
Maine Basan, 2024-05-27
Google, Microsoft, Gitlab, and more performed system patches. Check out these vulnerability fixes. The post Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes appeared first on eSecurity Planet. In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow
cve-2024-4323
cve-2024-4985
esecurityplanet.com
Chrome Security Update : Patch for High Severity Flaws
Guru Baran, 2024-05-22
Google has recently rolled out a crucial security update for its Chrome web browser, applicable to Windows, Mac, and Linux operating systems. This update aims to rectify various vulnerabilities, with some being classified as high severity. The latest stable channel update, version 125.0.6422.76, addresses a total of 6 security issues identified by external researchers, providing […] The post Chrome Security Update : Patch for High Severity Flaws appeared first on
cve-2024-5157
cve-2024-5160
cve-2024-5159
cve-2024-5158
CVE-2024-5158 | Google Chrome prior 125.0.6422.76 V8 type confusion
vuldb.com, 2024-05-22
A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component V8. The manipulation leads to type confusion. This vulnerability is traded as CVE-2024-5158. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected
cve-2024-5158

Social Media

#CVE Chromium: CVE-2024-5158 Type Confusion in V8 https://t.co/bUztFYEU4z
(CVE-2024-5158)[338908243][$10000][builtins]The HasOnlySimpleElements function could incorrectly assume that certain non-JSObjects have simple elements -> ... -> Type Confusion https://t.co/zK23BcKZIc @Kipreyyy https://t.co/v5hHp8k34K

Affected Software

Configuration 1
Type | Vendor | Product
App | Google | chrome
Configuration 2
Type | Vendor | Product
OS | Fedoraproject | fedora

References

Link | Reference source
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html | AF854A3A-2127-422B-91AE-364DA2661108
https://issues.chromium.org/issues/338908243 | AF854A3A-2127-422B-91AE-364DA2661108, GITHUB
https://lists.fedoraproject.org/archives/list/[email protected]/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/ | AF854A3A-2127-422B-91AE-364DA2661108
https://lists.fedoraproject.org/archives/list/[email protected]/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/ | AF854A3A-2127-422B-91AE-364DA2661108

CWE Details

CWE ID | CWE Name | Description
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
