CVE-2024-11395

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Nov 19, 2024 / Updated: 8h ago

CVSS 8.8 (High) / No EPSS yet

Summary

Type Confusion vulnerability in V8 in Google Chrome prior to version 131.0.6778.85 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability is classified as High severity by Chromium.

Impact

This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service on affected systems. The impact is significant as it affects confidentiality, integrity, and availability, all rated as HIGH. An attacker could potentially gain unauthorized access to sensitive information, modify data, or disrupt normal operations of the affected Chrome browser.

Exploitation

There is no evidence that a public proof-of-concept exists. There is currently no evidence of exploitation.

Patch

A patch is available. The vulnerability is fixed in Google Chrome version 131.0.6778.85 and later.

Mitigation

1. Update Google Chrome to version 131.0.6778.85 or later immediately.
2. If immediate updating is not possible, consider using alternative browsers until the update can be applied.
3. Implement network segmentation and strict access controls to limit potential attack vectors.
4. Educate users about the risks of visiting untrusted websites or opening suspicious HTML content.
5. Monitor systems for unusual activities that could indicate exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (382381)
Nov 19, 2024 at 7:53 AM

First Article
Feedly found the first article mentioning CVE-2024-11395.
Nov 19, 2024 at 7:56 PM / VulDB Recent Entries

CVE Assignment
NVD published the first details for CVE-2024-11395
Nov 19, 2024 at 8:15 PM

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Nov 19, 2024 at 8:21 PM

CVSS
A CVSS base score of 8.8 has been assigned.
Nov 19, 2024 at 9:40 PM / nvd

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (211583)
Nov 19, 2024 at 10:15 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (211584)
Nov 19, 2024 at 10:15 PM

Affected Systems

Google/chrome

News

Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release
Google has released a new stable version of its Chrome browser for desktop, addressing three security vulnerabilities, including one high-severity flaw. While Google hasn’t provided specific details about the potential impact of this vulnerability, the fact that it’s rated as “High” severity underscores the importance of updating Chrome promptly.
NA - CVE-2024-11395 - Type Confusion in V8 in Google Chrome prior to...
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-11395 - Google Chrome V8 Type Confusion Heap Corruption Vulnerability November 19, 2024 at 08:15PM https://ift.tt/NIQKeO3 #CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon
Patch My PC Catalog Update – November 19, 2024
The 11/19/24 catalog release contains bug, feature and security-related updates. Scan Detection Ratio 0/60 | VirusTotal Latest Scan Results (MSI-x64)
Google Chrome < 131.0.6778.85 Vulnerability
Nessus Plugin ID 211583 with High Severity Synopsis A web browser installed on the remote Windows host is affected by a vulnerability. Description The version of Google Chrome installed on the remote Windows host is prior to 131.0.6778.85. It is, therefore, affected by a vulnerability as referenced in the 2024_11_stable-channel-update-for-desktop_19 advisory. - Type Confusion in V8. (CVE-2024-11395) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Upgrade to Google Chrome version 131.0.6778.85 or later. Read more at https://www.tenable.com/plugins/nessus/211583

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
