AI description
CVE-2024-2887 is a type confusion vulnerability found in WebAssembly in Google Chrome versions prior to 123.0.6312.86. It can be triggered by a remote attacker who crafts a malicious HTML page. The vulnerability stems from how WebAssembly handles recursive type groups, which can lead to exceeding the maximum number of declared heap types and create opportunities for type confusion. Successful exploitation of CVE-2024-2887 allows a remote attacker to execute arbitrary code. This can lead to arbitrary read/write within the V8 memory sandbox, the ability to obtain addresses of JavaScript objects, and manipulation of object pointers. It was demonstrated at the Pwn2Own Vancouver 2024 hacking competition. Google patched this vulnerability in Chrome version 123.0.6312.86.
- Description
- Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Modified
- Products
- chrome, fedora
CVSS 3.1
- Type
- Primary
- Base score
- 7.7
- Impact score
- 6
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to RCE. Read it here: https://t.co/Ojli05dmZx
@SecuriTeam_SSD
5 Aug 2025
36425 Impressions
12 Retweets
48 Likes
33 Bookmarks
0 Replies
0 Quotes
Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to RCE. Read it here: https://t.co/Ojli05dmZx
@SecuriTeam_SSD
17 Jul 2025
21828 Impressions
0 Retweets
17 Likes
16 Bookmarks
0 Replies
0 Quotes
Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution. Read it here:
@SecuriTeam_SSD
16 Jul 2025
37562 Impressions
10 Retweets
57 Likes
44 Bookmarks
1 Reply
1 Quote
La vulnerabilidad CVE-2024-2887 en Google Chrome https://t.co/zlboHsOhfu #SeguridadInformatica
@f3nixh4ck
10 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check out my latest article: 🚨 Critical Chrome Vulnerability: CVE-2024-2887 https://t.co/ixfjr2NKv7 via @LinkedIn
@Yogeshwaran2022
19 Oct 2024
28 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA944B1D-8AA9-4C37-BD3B-2B10B3662D54",
"versionEndExcluding": "123.0.6312.86"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
}
]