CVE-2024-2887
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 26 Mar 2024, 20:09
Last modified:28 Mar 2025, 19:24
Vulnerability Summary
Overall Risk (default)
medium
43/100 CVSS Score
8.1 HIGH
v3.1 (cve.org)
EPSS Score
3.72% LOW
4% probability -1.03%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
26 Mar 2024, 20:09
Published
Vulnerability first disclosed
28 Mar 2025, 19:24
Last Modified
Vulnerability information updated
Description
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVSS Metrics
- v3.1•HIGH•Score: 8.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- v3.1•HIGH•Score: 7.7CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 3.72%• Percentile: 88%
Techniques & Countermeasures
- CWE-843•Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Affected Systems
- fedoraproject•fedora
38 | 39 | 40
- Unknown•Chrome
≥ 123.0.6312.86, < 123.0.6312.86 | < 123.0.6312.86
References (6)
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://issues.chromium.org/issues/330588502
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
- https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome