CVE-2024-3914

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 124.0.6367.60 Microsoft Edge (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the V8 JavaScript engine, which can be exploited by a remote attacker using a crafted HTML page, potentially leading to heap corruption. This could impact the confidentiality, integrity, and availability of protected information. The vulnerability was demonstrated at Pwn2Own 2024, showing its potential for remote code execution.

Recommendations For Google Chrome versions prior to 124.0.6367.60, update to version 124.0.6367.60 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the V8 JavaScript engine or avoiding the use of specially crafted HTML pages until a patch is available.