CVE-2024-4947 | Armis Vulnerability Intelligence Database

Description Preview

CVE-2024-4947 is a vulnerability identified in the V8 JavaScript engine used by Google Chrome. This vulnerability arises from a type confusion issue, which can be exploited by an attacker to execute arbitrary code within a sandboxed environment. The exploitation of this vulnerability requires the user to interact with a specially crafted HTML page, which could lead to severe consequences, including unauthorized access to sensitive data and system control. The vulnerability has been classified with a high severity rating, indicating a significant risk to users of affected versions of Chrome.

Overview

CVE ID: CVE-2024-4947
Vendor: Google
Product: Chrome
Affected Versions: All versions prior to 125.0.6422.60
Vulnerability Type: Type Confusion
Severity: High (CVSS 3.1 Base Score: 9.6, Critical)
Impact: Allows remote attackers to execute arbitrary code, potentially leading to total compromise of the affected system.

Remediation

To mitigate the risks associated with CVE-2024-4947, users are strongly advised to update their Google Chrome browser to version 125.0.6422.60 or later. This update addresses the type confusion vulnerability and enhances the overall security of the browser. Users can check for updates through the Chrome settings or download the latest version directly from the official Google Chrome website.

References

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date: May 15, 2024
CISA KEV Date: May 20, 2024

5days early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing: Medium
Manufacturing
Public Administration: Medium
Public Administration
Health Care & Social Assistance: Medium
Health Care & Social Assistance
Educational Services: Medium
Educational Services
Transportation & Warehousing: Medium
Transportation & Warehousing
Finance and Insurance: Medium
Finance and Insurance
Retail Trade: Medium
Retail Trade
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Professional, Scientific, & Technical Services: Low
Professional, Scientific, & Technical Services
Other Services (except Public Administration): Low
Other Services (except Public Administration)
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Utilities: Low
Utilities
Accommodation & Food Services: Low
Accommodation & Food Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Mining: Low
Mining
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Construction: Low
Construction
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Wholesale Trade: Low
Wholesale Trade

^{CVE-2024-4947:}Type Confusion in V8 in Google Chrome prior to version 125.0.6422.60 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.