CVE-2024-4947

Published May 15, 2024

Last updated 8 months ago

Exploit knownCVSS critical 9.6

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-4947 is a type confusion vulnerability found in the V8 JavaScript engine of Google Chrome before version 125.0.6422.60. This flaw was reported to Google by Vasily Berdnikov and Boris Larin of Kaspersky. The vulnerability affects Chrome browsers on Windows, Mac, and Linux. This vulnerability allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. A type confusion vulnerability occurs when a program attempts to access a resource using an incompatible type, potentially leading to out-of-bounds memory access and code execution.

Description
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.6
Impact score
6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Google Chromium V8 Type Confusion Vulnerability
Exploit added on
May 20, 2024
Exploit action due
Jun 10, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-843

Social media

Hype score
Not currently trending

  1. Escalation methodology for CVE-2024-4947, a in-the-wild V8 type confusion bug. Shoutout to @vaber_b, @oct0xor, @buptsb, @mistymntncop, 303f06e3 and @DimitriFourny for their great research for this bug! https://t.co/dC2YFWHB6C

    @bjrjk

    22 Jul 2025

    7837 Impressions

    32 Retweets

    116 Likes

    54 Bookmarks

    1 Reply

    0 Quotes

  2. Google patches critical Chrome zero-day (CVE-2024-4947) exploited in an espionage campaign. Update now! https://t.co/HnrTNIxSBa #CyberSecurity

    @ipolyzos

    23 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    23 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    20 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    19 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    10 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    8 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    5 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    4 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 🇷🇺🇰🇵📡🪙مجموعة القرصنة الكورية الشمالية "Lazarus" استغلت ثغرة في متصفح جوجل كروم، والتي تم تتبعها تحت رقم CVE-2024-4947، من خلال لعبة تمويل لامركزي (DeFi) مزيفة تستهدف أفراداً في مجال العملات المشفرة. https://t.co/w2UNiKi3Gg

    @FearlessKuwaiti

    31 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. #DOYOUKNOWCVE Lazarus Exploits Google Chrome Zero-Day Vulnerability! CVE-2024-4947: A Type Confusion vulnerability in Chrome’s V8 engine allows attackers to execute arbitrary code via malicious HTML pages. This critical zero-day vulnerability has been actively exploited in the…

    @Loginsoft_Inc

    30 Oct 2024

    35 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. استغلت مجموعة Lazarus Group التابعة لكوريا الشمالية ثغرة أمنية جديدة (CVE-2024-4947) في متصفح Google Chrome لاستهداف قطاع العملات المشفرة. وتضمنت استراتيجية الاستغلال التلاعب بوسائل التواصل الاجتماعي والترويج لألعاب مزيفة. تعرف على المزيد: https://t.co/Ko1DSApUeb

    @CERT_Arabic

    27 Oct 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ・Lazarus(BlueNoroff) ・CVE-2024-4947 The Crypto Game of Lazarus APT: Investors vs. Zero-days https://t.co/3KyNSdd1wU 関連: https://t.co/Wr2epe1zp5 https://t.co/d8IJ8rGE13

    @tdatwja

    26 Oct 2024

    1832 Impressions

    12 Retweets

    37 Likes

    10 Bookmarks

    2 Replies

    0 Quotes

  14. Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-4947 3 - CVE-2023-26360 4 - CVE-2024-9264 5 - CVE-2024-20481 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Oct 2024

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. #threatreport #MediumCompleteness Lazarus Exploits Google Chrome Zero-Day to Steal Cryptocurrency in DeTankZone Campaign (CVE-2024-4947) | 24-10-2024 Source: https://t.co/DZs4IDxtdi Key details below ↓ https://t.co/kHoAspOxTd

    @rst_cloud

    25 Oct 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. MT @TheHackersNews: North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://t.co/EchJAFz00E https

    @VoxOptima

    25 Oct 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Lazarus Group Exploits Google Chrome Zero-Day (CVE-2024-4947) to Control Devices via Fake Game Site Targeting Cryptocurrency Users! ⚠️ Join our telegram to learn more: 👉 https://t.co/gFqIU34Kxi

    @DeGuardVPN

    25 Oct 2024

    401 Impressions

    2 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. A new CVE-2024-4947 exploit targets Google Chrome, jeopardizing cryptocurrency security. Trust in platforms must be reevaluated as threats evolve.

    @Agunxoctha

    25 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 👀 Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/RittjO3JXt

    @im23pds

    25 Oct 2024

    890 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🌿 How can a vulnerability like CVE-2024-4947 impact our digital world? 🤔 It's intriguing to see how cyber threats evolve alongside technology!

    @tkmfannybertel2

    25 Oct 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. The North Korean Lazarus hacking group exploited a #GoogleChrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space. https://t.co/TJQyXfBvKI

    @Aceskip86

    24 Oct 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Lazarus APT、暗号資産の偽ゲーム宣伝するサイトでChromeのゼロデイを悪用(CVE-2024-4947) https://t.co/9PLCcLSsw8 #izumino_trend

    @sec_trend

    24 Oct 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Daily Cybersecurity News ! Date: October-23-2024 The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #dailyCyberNews #lazarus ht

    @40sp3l

    24 Oct 2024

    146 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨Lazarus Group Exploits Google Chrome Zero-Day Vulnerability (CVE-2024-4947) to Control Infected Devices Targeting Individuals in the Cryptocurrency Sector. 🚨 https://t.co/MlF7TpnbRv

    @H4ckmanac

    24 Oct 2024

    4546 Impressions

    14 Retweets

    31 Likes

    6 Bookmarks

    0 Replies

    4 Quotes

  25. The North Korean Lazarus #hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space☝️🤖 https://t.co/1M7IxlBD4w https://t.co/nUFSldv2SI

    @manuelbissey

    24 Oct 2024

    46 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://thehack... https://t.co/gAPMze2sq4

    @IT_news_for_all

    24 Oct 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 【 #仮想通貨 #ビットコイン 最新ニュース】 ⭐️Lazarus APT、暗号資産の偽ゲーム宣伝するサイトでChromeのゼロデイを悪用(CVE-2024-4947) ⭐️ https://t.co/vZ9Q9Nhyvs

    @CoinmatomeNews

    24 Oct 2024

    205 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome… https

    @CypherTechLabs

    23 Oct 2024

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Lazarus APT Hackers Exploit Chrome Zero-Day via Cryptocurrency Game: https://t.co/nrYuoA8qen The Lazarus APT group exploited a zero-day vulnerability (CVE-2024-4947) in Google Chrome through a cryptocurrency-themed game on detankzone[.]com, detected by Kaspersky on May 13, 2024.

    @securityRSS

    23 Oct 2024

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. The #NorthKorean #Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Hacking #cybersecurity https://t.co/wMBJUipAq4

    @YourAnonRiots

    23 Oct 2024

    341 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/utp7YzkbcO

    @Dinosn

    23 Oct 2024

    2907 Impressions

    9 Retweets

    29 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  32. "Lazarus APT steals cryptocurrency and user data via a decoy MOBA game" published by @Kaspersky. #CVE-2024-4947, #DeFiTankLand, #Lazarus, #Manuscrypt, #BlueNoroff, #DPRK, #CTI https://t.co/8UdREv3ZH0

    @lazarusholic

    23 Oct 2024

    334 Impressions

    6 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  33. Want to know how video games, cryptocurrency, North Korea and 0-days can all go together? Learn the story of CVE-2024-4947 https://t.co/3WmYKm0U9v

    @oct0xor

    23 Oct 2024

    12017 Impressions

    40 Retweets

    104 Likes

    28 Bookmarks

    0 Replies

    4 Quotes

Configurations

References

Sources include official advisories and independent security research.