CVE-2024-1939

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Feb 29, 2024 / Updated: 8mo ago

CVSS 8.8 / EPSS 0.04% / High

Summary

Type Confusion in V8 in Google Chrome prior to version 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability has been classified as High severity by Chromium.

Impact

This vulnerability could lead to heap corruption, which may result in arbitrary code execution, information disclosure, or denial of service. The CVSS v3.1 score of 8.8 (High) indicates severe potential impacts on confidentiality, integrity, and availability of the affected system. An attacker successfully exploiting this vulnerability could gain the ability to execute arbitrary code within the context of the browser, potentially leading to unauthorized access to sensitive information, modification of data, or disruption of services.

Exploitation

One proof-of-concept exploit is available on github.com. There is currently no evidence of exploitation.

Patch

A patch is available. Google has released Chrome version 122.0.6261.94 which addresses this vulnerability. Microsoft has also released an update to address this issue in their Chromium-based browsers.

Mitigation

1. Immediately update Google Chrome to version 122.0.6261.94 or later.
2. For Chromium-based Microsoft browsers, apply the latest Microsoft security updates.
3. Implement network segmentation and restrict access to untrusted websites.
4. Use browser security features like site isolation and content security policies.
5. Educate users about the risks of visiting untrusted websites or opening suspicious links.
6. Consider using browser extensions that block potentially malicious content.
7. Regularly monitor for and apply security updates across all systems and applications.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-1939.

Feb 27, 2024 at 9:43 PM / Newest Nessus Plugins from Tenable

CVE Assignment

NVD published the first details for CVE-2024-1939

Feb 28, 2024 at 5:43 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (6000497)

Feb 28, 2024 at 6:15 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (191123)

Feb 29, 2024 at 12:16 AM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Feb 29, 2024 at 1:17 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 6.9%)

Feb 29, 2024 at 3:01 PM

CVSS

A CVSS base score of 8.8 has been assigned.

Aug 27, 2024 at 9:40 PM / nvd

Affected Systems

Google/chrome

Exploits

https://github.com/rycbar77/CVE-2024-1939

Patches

Google Chrome chrome-122.0.6261.94

Vendor Advisory

Stable Channel Update for Desktop
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. This update includes 4 security fixes.

News

@P4nda20371774, Nov 5, 2024 at 9:11:21 PM
Our slides about WASM bugs in browsers are now available. Thanks to everyone who helped with the talk. Hope we can do better next time. 1. BH USA 2024: http://i.blackhat.com/BH-US-24/Presentations/US24-Liu-Achilles-Heel-of-JS-Engines-Exploiting-Modern-Browsers-During-WASM-Execution.pdf … 2. GeekCon Shanghai 2024: https://geekcon.top/js/pdfjs/web/viewer.html?file=/doc/ppt/Bucket_Effect_on_JS_Engine_Exploiting_Chrome_Browser_through_WASM_Flaws_v1.0.pdf … cc my partners ( @p1umer @xmzyshypnc1 @q1iqF ) My Chrome RCE bug (CVE-2024-1939) mentioned in our BlackHat USA 2024 talk was public now. More information not mentioned in the issue will be included in our coming soon slide. So regret unable to attend Blackhat USA and BugSWAT Vegas in person due to some personal reason.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
