SentinelOne
CVE Vulnerability Database

CVE-2024-4761: Google Chrome V8 Engine RCE Vulnerability

CVE-2024-4761 is an out of bounds write vulnerability in Google Chrome's V8 JavaScript engine that enables remote code execution through crafted HTML pages. This article covers the technical details, affected versions, and steps to protect your browser.

CVE-2024-4761 Overview

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Critical Impact

This vulnerability could give an attacker remote code execution, compromising system integrity and confidentiality.

Affected Products

  • Google Chrome
  • Fedora Project Fedora

Discovery Timeline

  • 2024-05-14T16:17:35.810 - CVE-2024-4761 published to NVD
  • 2025-10-24T14:07:18.437 - Last updated in NVD database

Technical Details for CVE-2024-4761

Vulnerability Analysis

The vulnerability involves an out of bounds write in the V8 component of Google Chrome, which could allow memory corruption and potentially provide a vector for remote code execution.

Root Cause

The root cause is improper bounds checking in the V8 engine's array handling, which leads to unintended data writes.

Attack Vector

Attackers can exploit this via a network vector by tricking users into accessing a specially crafted HTML page that executes malicious scripts.

```javascript
// Example exploitation code (sanitized)
var buffer = new ArrayBuffer(64);
var intView = new Int32Array(buffer); // 16 elements, valid indices 0..15

// Illustrates the bug class only: an index outside the view.
// A correctly functioning engine ignores this store and writes no memory.
intView[-1] = 31337;
```

Detection Methods for CVE-2024-4761

Indicators of Compromise

  • Unexpected application crashes
  • Anomalous outbound traffic
  • Memory corruption alerts

Detection Strategies

Monitor for scripts that perform out of bounds operations in the V8 engine, particularly in network-received payloads. Use heuristic scanning to detect atypical memory usage patterns.

Monitoring Recommendations

Deploy script scanning solutions with behavioral threat detection capabilities. Utilize network monitoring to identify unusual HTML or JavaScript traffic patterns.

How to Mitigate CVE-2024-4761

Immediate Actions Required

  • Update Google Chrome to version 124.0.6367.207 or later
  • Implement strict Content Security Policy (CSP) rules
  • Disable JavaScript on untrusted sites

Patch Information

Google has provided a patch in version 124.0.6367.207 and later, addressing the bounds checking vulnerabilities in the V8 engine.
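
To confirm the update reached every endpoint, the sketch below classifies collected Chrome version strings against the fixed build 124.0.6367.207 named above. It is an added example, not SentinelOne or Google code; the host names and the sample inventory are constructed, and the input is assumed to be `google-chrome --version` output or a User-Agent string.

```python
import re

# Fixed build this page names for CVE-2024-4761.
FIXED = (124, 0, 6367, 207)

# Four-part Chrome build, as in `google-chrome --version` output
# ("Google Chrome 124.0.6367.201") or a User-Agent ("Chrome/124.0.0.0").
BUILD_RE = re.compile(r"\bChrome[ /](\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_build(text):
    """Return the build as a tuple of ints, or None if no build is present."""
    m = BUILD_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def status(text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    build = parse_build(text)
    if build is None:
        return "unknown"
    # Reduced User-Agent strings report MAJOR.0.0.0, so within the fixed
    # major version the real build cannot be recovered from the UA alone.
    if build[0] == FIXED[0] and build[1:] == (0, 0, 0):
        return "unknown"
    # Compare numerically: as strings, ".99" would sort after ".207".
    return "patched" if build >= FIXED else "vulnerable"


def triage(inventory):
    """Group (host, version_string) pairs by status."""
    groups = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_string in inventory:
        groups[status(version_string)].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("ws-01", "Google Chrome 124.0.6367.201"),
    ("ws-02", "Google Chrome 124.0.6367.207"),
    ("ws-03", "Google Chrome 124.0.6367.99"),
    ("ws-04", "Google Chrome 125.0.6422.60"),
    ("ws-05", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for name, hosts in triage(INVENTORY).items():
        print(f"{name}: {', '.join(hosts)}")
```

Hosts reported as unknown need the installed build read from the endpoint itself, since a reduced User-Agent string carries only the major version.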

Workarounds

Restrict JavaScript execution and employ security features like sandboxing to limit the impact of potential exploitation attempts.

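```bash
# Configuration example as given on this page.
# Note: /etc/chrome.conf and this "@pref" syntax are not a documented Chrome
# configuration mechanism, and Chrome's renderer sandbox is enabled by default.
echo "@pref set pref.global.sandbox true" >> /etc/chrome.conf
```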

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
