CVE-2024-0812 Overview
CVE-2024-0812 is a high-severity vulnerability in Google Chrome's Accessibility component, affecting all versions prior to 121.0.6167.85. The flaw stems from an inappropriate implementation that permits object corruption when a user visits a crafted HTML page. A remote attacker can leverage this condition to potentially execute arbitrary code within the renderer process. Google's Chromium security team rated the issue as High severity, and the vulnerability also affects Chrome packages distributed through Fedora 38 and Fedora 39.
Critical Impact
Successful exploitation can lead to object corruption in the renderer, providing a foothold for arbitrary code execution and full compromise of confidentiality, integrity, and availability within the browser context.
Affected Products
- Google Chrome versions prior to 121.0.6167.85
- Fedora 38 (chromium package)
- Fedora 39 (chromium package)
Discovery Timeline
- 2024-01-24 - CVE-2024-0812 published to the National Vulnerability Database
- 2025-05-30 - Last updated in NVD database
Technical Details for CVE-2024-0812
Vulnerability Analysis
The vulnerability resides in Chrome's Accessibility subsystem, which exposes the Document Object Model (DOM) tree to assistive technologies. An inappropriate implementation in this code path allows attacker-controlled HTML and script to drive accessibility objects into an inconsistent state. The result is object corruption, a condition where internal object metadata or pointers no longer match the runtime expectations of the engine.
Exploitation requires the victim to load a crafted HTML page, which satisfies the user interaction requirement. Once triggered, the corrupted accessibility object can be manipulated to influence control flow inside the renderer process. Chromium's Accessibility tree spans both Blink and the browser process, increasing the attack surface available to a malicious page. NVD classifies the weakness under NVD-CWE-noinfo because Google has not published the underlying CWE category.
Root Cause
The root cause is an improper state handling pattern in the Accessibility implementation. When specific DOM mutations interact with the accessibility tree, the component does not maintain object invariants, leading to corruption. Internal tracking of this defect is recorded in Chromium issue 1484394.
Attack Vector
The attack vector is network-based and requires a single user action: visiting a malicious or compromised website. No authentication is required. Adversaries typically deliver such pages through phishing emails, malvertising, watering-hole compromises, or hijacked third-party content embedded in legitimate sites.
No public proof-of-concept code is available for this issue. Technical details of the exploitation primitives remain restricted in the Chromium issue tracker. Readers can review the Google Chrome Stable Update advisory and Chromium bug 1484394 for the limited disclosed details.
Detection Methods for CVE-2024-0812
Indicators of Compromise
- Chrome renderer process crashes or unexpected child process spawning shortly after navigation to an untrusted URL.
- Outbound connections from chrome.exe or chromium to newly registered or low-reputation domains following user web browsing activity.
- Browser binary versions reporting below 121.0.6167.85 in enterprise inventory telemetry.
Detection Strategies
- Inventory Chrome and Chromium versions across managed endpoints and flag any host running a build older than 121.0.6167.85.
- Monitor process lineage for anomalous child processes spawned by Chrome renderer or browser processes, which can indicate sandbox escape attempts following renderer compromise.
- Correlate web proxy logs with endpoint browsing telemetry to identify users who visited URLs flagged by threat intelligence feeds as serving exploit content.
Monitoring Recommendations
- Enable verbose process and network telemetry for browser processes and forward events to a centralized analytics platform for retrospective hunting.
- Track Chrome auto-update health and alert on endpoints whose update channel has stalled for more than seven days.
- Subscribe to the Chrome Releases blog to ingest new stable channel advisories into vulnerability management workflows.
How to Mitigate CVE-2024-0812
Immediate Actions Required
- Update Google Chrome to version 121.0.6167.85 or later on all Windows, macOS, and Linux endpoints.
- Update Fedora 38 and Fedora 39 chromium packages using dnf upgrade once the patched RPMs are available from the project repositories.
- Restart Chrome on every endpoint after the update to ensure the patched binary is loaded into memory.
- Verify deployment by checking the version reported at chrome://settings/help and through endpoint inventory queries.
Patch Information
Google released the fix in the Chrome Stable channel update for desktop on January 23, 2024. The patched version is 121.0.6167.85 for Linux and 121.0.6167.85/.86 for Windows and macOS. Fedora downstream updates are tracked in the Fedora package announcement for Fedora 38 and the Fedora package announcement for Fedora 39.
Workarounds
- Restrict browsing to trusted sites through enterprise web filtering or DNS-based protection until patching is complete.
- Enforce Chrome enterprise policies that require automatic updates and disable update deferral on managed fleets.
- Where feasible, run Chrome with the site isolation feature enabled, which limits the blast radius of renderer compromise.
# Verify and enforce Chrome update compliance on Linux endpoints
# Check installed Chrome version
google-chrome --version
# Fedora: apply chromium security update
sudo dnf upgrade --refresh chromium
# Confirm patched version is 121.0.6167.85 or later
dpkg -l google-chrome-stable 2>/dev/null | awk '/chrome/ {print $3}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
