CVE-2024-4947

Published May 15, 2024

Last updated 10 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-4947 is a type confusion vulnerability found in the V8 JavaScript engine of Google Chrome before version 125.0.6422.60. This flaw was reported to Google by Vasily Berdnikov and Boris Larin of Kaspersky. The vulnerability affects Chrome browsers on Windows, Mac, and Linux. This vulnerability allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. A type confusion vulnerability occurs when a program attempts to access a resource using an incompatible type, potentially leading to out-of-bounds memory access and code execution.

Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source: chrome-cve-admin@google.com
NVD status: Analyzed
Products: chrome, fedora

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Google Chromium V8 Type Confusion Vulnerability
Exploit added on: May 20, 2024
Exploit action due: Jun 10, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-843

Social media

Hype score
Not currently trending
  1. 🚨 The #Google Zero-Day Threat: Unpacking #CVE-2024-4947 and the Urgent Shift to Mitigation https://t.co/Oj7E6cqSCQ Educational Purposes!

    @UndercodeUpdate

    1 Sept 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 PoC released: Chrome 0day exposed A public proof-of-concept for a critical #Chrome 0day (CVE-2024-4947) has surfaced, raising the risk of remote code execution. Immediate patching is essential to mitigate potential exploitation via crafted webpages. #ransomNews #Chrome h

    @ransomnews

    26 Aug 2025

    239 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. Escalation methodology for CVE-2024-4947, an in-the-wild V8 type confusion bug. Shoutout to @vaber_b, @oct0xor, @buptsb, @mistymntncop, 303f06e3 and @DimitriFourny for their great research for this bug! https://t.co/dC2YFWHB6C

    @bjrjk

    22 Jul 2025

    7837 Impressions

    32 Retweets

    116 Likes

    54 Bookmarks

    1 Reply

    0 Quotes

  4. Google patches critical Chrome zero-day (CVE-2024-4947) exploited in an espionage campaign. Update now! https://t.co/HnrTNIxSBa #CyberSecurity

    @ipolyzos

    23 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    23 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    20 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    19 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    10 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    8 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    5 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    4 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 🇷🇺🇰🇵📡🪙 The North Korean hacking group "Lazarus" exploited a vulnerability in the Google Chrome browser, tracked as CVE-2024-4947, through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. https://t.co/w2UNiKi3Gg

    @FearlessKuwaiti

    31 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. #DOYOUKNOWCVE Lazarus Exploits Google Chrome Zero-Day Vulnerability! CVE-2024-4947: A Type Confusion vulnerability in Chrome’s V8 engine allows attackers to execute arbitrary code via malicious HTML pages. This critical zero-day vulnerability has been actively exploited in the…

    @Loginsoft_Inc

    30 Oct 2024

    35 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. North Korea's Lazarus Group exploited a new security vulnerability (CVE-2024-4947) in the Google Chrome browser to target the cryptocurrency sector. The exploitation strategy involved social media manipulation and the promotion of fake games. Learn more: https://t.co/Ko1DSApUeb

    @CERT_Arabic

    27 Oct 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ・Lazarus (BlueNoroff) ・CVE-2024-4947 The Crypto Game of Lazarus APT: Investors vs. Zero-days https://t.co/3KyNSdd1wU Related: https://t.co/Wr2epe1zp5 https://t.co/d8IJ8rGE13

    @tdatwja

    26 Oct 2024

    1832 Impressions

    12 Retweets

    37 Likes

    10 Bookmarks

    2 Replies

    0 Quotes

  16. Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-4947 3 - CVE-2023-26360 4 - CVE-2024-9264 5 - CVE-2024-20481 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Oct 2024

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #threatreport #MediumCompleteness Lazarus Exploits Google Chrome Zero-Day to Steal Cryptocurrency in DeTankZone Campaign (CVE-2024-4947) | 24-10-2024 Source: https://t.co/DZs4IDxtdi Key details below ↓ https://t.co/kHoAspOxTd

    @rst_cloud

    25 Oct 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. MT @TheHackersNews: North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://t.co/EchJAFz00E https

    @VoxOptima

    25 Oct 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Lazarus Group Exploits Google Chrome Zero-Day (CVE-2024-4947) to Control Devices via Fake Game Site Targeting Cryptocurrency Users! ⚠️ Join our telegram to learn more: 👉 https://t.co/gFqIU34Kxi

    @DeGuardVPN

    25 Oct 2024

    401 Impressions

    2 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. A new CVE-2024-4947 exploit targets Google Chrome, jeopardizing cryptocurrency security. Trust in platforms must be reevaluated as threats evolve.

    @Agunxoctha

    25 Oct 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 👀 Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/RittjO3JXt

    @im23pds

    25 Oct 2024

    890 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🌿 How can a vulnerability like CVE-2024-4947 impact our digital world? 🤔 It's intriguing to see how cyber threats evolve alongside technology!

    @tkmfannybertel2

    25 Oct 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. The North Korean Lazarus hacking group exploited a #GoogleChrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space. https://t.co/TJQyXfBvKI

    @Aceskip86

    24 Oct 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Lazarus APT exploits a Chrome zero-day on a site promoting a fake crypto-asset game (CVE-2024-4947) https://t.co/9PLCcLSsw8 #izumino_trend

    @sec_trend

    24 Oct 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Daily Cybersecurity News ! Date: October-23-2024 The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #dailyCyberNews #lazarus ht

    @40sp3l

    24 Oct 2024

    146 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨Lazarus Group Exploits Google Chrome Zero-Day Vulnerability (CVE-2024-4947) to Control Infected Devices Targeting Individuals in the Cryptocurrency Sector. 🚨 https://t.co/MlF7TpnbRv

    @H4ckmanac

    24 Oct 2024

    4546 Impressions

    14 Retweets

    31 Likes

    6 Bookmarks

    0 Replies

    4 Quotes

  27. The North Korean Lazarus #hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space☝️🤖 https://t.co/1M7IxlBD4w https://t.co/nUFSldv2SI

    @manuelbissey

    24 Oct 2024

    46 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://thehack... https://t.co/gAPMze2sq4

    @IT_news_for_all

    24 Oct 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. [ #Cryptocurrency #Bitcoin Latest News ] ⭐️ Lazarus APT exploits a Chrome zero-day on a site promoting a fake crypto-asset game (CVE-2024-4947) ⭐️ https://t.co/vZ9Q9Nhyvs

    @CoinmatomeNews

    24 Oct 2024

    205 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome… https

    @CypherTechLabs

    23 Oct 2024

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Lazarus APT Hackers Exploit Chrome Zero-Day via Cryptocurrency Game: https://t.co/nrYuoA8qen The Lazarus APT group exploited a zero-day vulnerability (CVE-2024-4947) in Google Chrome through a cryptocurrency-themed game on detankzone[.]com, detected by Kaspersky on May 13, 2024.

    @securityRSS

    23 Oct 2024

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. The #NorthKorean #Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Hacking #cybersecurity https://t.co/wMBJUipAq4

    @YourAnonRiots

    23 Oct 2024

    341 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/utp7YzkbcO

    @Dinosn

    23 Oct 2024

    2907 Impressions

    9 Retweets

    29 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  34. "Lazarus APT steals cryptocurrency and user data via a decoy MOBA game" published by @Kaspersky. #CVE-2024-4947, #DeFiTankLand, #Lazarus, #Manuscrypt, #BlueNoroff, #DPRK, #CTI https://t.co/8UdREv3ZH0

    @lazarusholic

    23 Oct 2024

    334 Impressions

    6 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  35. Want to know how video games, cryptocurrency, North Korea and 0-days can all go together? Learn the story of CVE-2024-4947 https://t.co/3WmYKm0U9v

    @oct0xor

    23 Oct 2024

    12017 Impressions

    40 Retweets

    104 Likes

    28 Bookmarks

    0 Replies

    4 Quotes

Configurations