CVE-2024-4947

Published May 15, 2024

Last updated 3 months ago

Exploit knownCVSS high 8.8

Overview

Description
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium V8 Type Confusion Vulnerability
Exploit added on
May 20, 2024
Exploit action due
Jun 10, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-843
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-843

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    Nov 10, 2024 5:18 PM

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    Nov 8, 2024 5:15 PM

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    Nov 5, 2024 11:38 PM

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-4947

    @transilienceai

    Nov 4, 2024 12:01 AM

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🇷🇺🇰🇵📡🪙مجموعة القرصنة الكورية الشمالية "Lazarus" استغلت ثغرة في متصفح جوجل كروم، والتي تم تتبعها تحت رقم CVE-2024-4947، من خلال لعبة تمويل لامركزي (DeFi) مزيفة تستهدف أفراداً في مجال العملات المشفرة. https://t.co/w2UNiKi3Gg

    @FearlessKuwaiti

    Oct 31, 2024 11:54 AM

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. #DOYOUKNOWCVE Lazarus Exploits Google Chrome Zero-Day Vulnerability! CVE-2024-4947: A Type Confusion vulnerability in Chrome’s V8 engine allows attackers to execute arbitrary code via malicious HTML pages. This critical zero-day vulnerability has been actively exploited in the…

    @Loginsoft_Inc

    Oct 30, 2024 9:13 AM

    35 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. استغلت مجموعة Lazarus Group التابعة لكوريا الشمالية ثغرة أمنية جديدة (CVE-2024-4947) في متصفح Google Chrome لاستهداف قطاع العملات المشفرة. وتضمنت استراتيجية الاستغلال التلاعب بوسائل التواصل الاجتماعي والترويج لألعاب مزيفة. تعرف على المزيد: https://t.co/Ko1DSApUeb

    @CERT_Arabic

    Oct 27, 2024 5:14 PM

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ・Lazarus(BlueNoroff) ・CVE-2024-4947 The Crypto Game of Lazarus APT: Investors vs. Zero-days https://t.co/3KyNSdd1wU 関連: https://t.co/Wr2epe1zp5 https://t.co/d8IJ8rGE13

    @tdatwja

    Oct 26, 2024 8:20 AM

    1832 Impressions

    12 Retweets

    37 Likes

    10 Bookmarks

    2 Replies

    0 Quotes

  9. Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-4947 3 - CVE-2023-26360 4 - CVE-2024-9264 5 - CVE-2024-20481 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    Oct 26, 2024 8:05 AM

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #threatreport #MediumCompleteness Lazarus Exploits Google Chrome Zero-Day to Steal Cryptocurrency in DeTankZone Campaign (CVE-2024-4947) | 24-10-2024 Source: https://t.co/DZs4IDxtdi Key details below ↓ https://t.co/kHoAspOxTd

    @rst_cloud

    Oct 25, 2024 9:33 PM

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. MT @TheHackersNews: North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://t.co/EchJAFz00E https

    @VoxOptima

    Oct 25, 2024 4:02 PM

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Lazarus Group Exploits Google Chrome Zero-Day (CVE-2024-4947) to Control Devices via Fake Game Site Targeting Cryptocurrency Users! ⚠️ Join our telegram to learn more: 👉 https://t.co/gFqIU34Kxi

    @DeGuardVPN

    Oct 25, 2024 2:17 PM

    401 Impressions

    2 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. A new CVE-2024-4947 exploit targets Google Chrome, jeopardizing cryptocurrency security. Trust in platforms must be reevaluated as threats evolve.

    @Agunxoctha

    Oct 25, 2024 12:35 PM

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 👀 Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/RittjO3JXt

    @im23pds

    Oct 25, 2024 2:48 AM

    890 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🌿 How can a vulnerability like CVE-2024-4947 impact our digital world? 🤔 It's intriguing to see how cyber threats evolve alongside technology!

    @tkmfannybertel2

    Oct 25, 2024 1:24 AM

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. The North Korean Lazarus hacking group exploited a #GoogleChrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space. https://t.co/TJQyXfBvKI

    @Aceskip86

    Oct 24, 2024 2:37 PM

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Lazarus APT、暗号資産の偽ゲーム宣伝するサイトでChromeのゼロデイを悪用(CVE-2024-4947) https://t.co/9PLCcLSsw8 #izumino_trend

    @sec_trend

    Oct 24, 2024 2:08 PM

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Daily Cybersecurity News ! Date: October-23-2024 The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #dailyCyberNews #lazarus ht

    @cyb3rf034r3ss

    Oct 24, 2024 1:20 PM

    146 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨Lazarus Group Exploits Google Chrome Zero-Day Vulnerability (CVE-2024-4947) to Control Infected Devices Targeting Individuals in the Cryptocurrency Sector. 🚨 https://t.co/MlF7TpnbRv

    @H4ckManac

    Oct 24, 2024 10:42 AM

    4546 Impressions

    14 Retweets

    31 Likes

    6 Bookmarks

    0 Replies

    4 Quotes

  20. The North Korean Lazarus #hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the #cryptocurrency space☝️🤖 https://t.co/1M7IxlBD4w https://t.co/nUFSldv2SI

    @manuelbissey

    Oct 24, 2024 10:05 AM

    46 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector. Exploitation strategy involved social media manipulation and fake game promotions. Learn more: https://thehack... https://t.co/gAPMze2sq4

    @IT_news_for_all

    Oct 24, 2024 9:55 AM

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 【 #仮想通貨 #ビットコイン 最新ニュース】 ⭐️Lazarus APT、暗号資産の偽ゲーム宣伝するサイトでChromeのゼロデイを悪用(CVE-2024-4947) ⭐️ https://t.co/vZ9Q9Nhyvs

    @CoinmatomeNews

    Oct 24, 2024 7:50 AM

    205 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome… https

    @CypherTechLabs

    Oct 23, 2024 9:35 PM

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Lazarus APT Hackers Exploit Chrome Zero-Day via Cryptocurrency Game: https://t.co/nrYuoA8qen The Lazarus APT group exploited a zero-day vulnerability (CVE-2024-4947) in Google Chrome through a cryptocurrency-themed game on detankzone[.]com, detected by Kaspersky on May 13, 2024.

    @securityRSS

    Oct 23, 2024 9:35 PM

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. The #NorthKorean #Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Hacking #cybersecurity https://t.co/wMBJUipAq4

    @YourAnonRiots

    Oct 23, 2024 7:30 PM

    341 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT https://t.co/utp7YzkbcO

    @Dinosn

    Oct 23, 2024 2:48 PM

    2907 Impressions

    9 Retweets

    29 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  27. "Lazarus APT steals cryptocurrency and user data via a decoy MOBA game" published by @Kaspersky. #CVE-2024-4947, #DeFiTankLand, #Lazarus, #Manuscrypt, #BlueNoroff, #DPRK, #CTI https://t.co/8UdREv3ZH0

    @lazarusholic

    Oct 23, 2024 1:30 PM

    334 Impressions

    6 Retweets

    8 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  28. Want to know how video games, cryptocurrency, North Korea and 0-days can all go together? Learn the story of CVE-2024-4947 https://t.co/3WmYKm0U9v

    @oct0xor

    Oct 23, 2024 12:00 PM

    12017 Impressions

    40 Retweets

    104 Likes

    28 Bookmarks

    0 Replies

    4 Quotes

Configurations

References