PT-2024-4025 · Google+5 · Google Chrome+5

Brendon Tiszka

+1

·

Published

2023-09-18

·

Updated

2025-09-29

·

CVE-2024-5274

CVSS v3.1

9.6

Critical

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.112
Description: The issue is related to a type confusion vulnerability in the V8 engine of Google Chrome, which can be exploited by a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability has been actively exploited in the wild, with APT29 using it to target Android users. A Proof-of-Concept (PoC) exploit has been made public. The vulnerability is considered high severity by Chromium.
Recommendations: For Google Chrome versions prior to 125.0.6422.112, update to version 125.0.6422.112 or later to fix the issue. As a temporary workaround, consider restricting access to potentially vulnerable API endpoints or disabling the use of specific features that may be exploited until a patch is available.

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALSA-2023_5184
ALSA-2023_5200
ALSA-2023_5201
ALSA-2023_5214
ALSA-2023_5224
ALSA-2023_5309
ALSA-2023_5434
ALSA-2023_5435
ALSA-2023_5537
ALSA-2023_5539
ALSA-2024_1607
ALSA-2024_2394
ALSA-2024_7958
ALSA-2024_7977
ALSA-2024_8024
ALSA-2024_8025
ALSA-2024_9144
ALSA-2024_9552
ALSA-2024_9554
ALSA-2024_9636
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_2863
ALSA-2025_2864
ALT-PU-2024-10294
ALT-PU-2024-10425
ALT-PU-2024-10427
ALT-PU-2024-11865
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-15041
ALT-PU-2024-15575
ALT-PU-2024-8361
BDU:2024-04460
CVE-2024-5274
DSA-5697-1
MGASA-2024-0196
OPENSUSE-SU-2024:0142-1
OPENSUSE-SU-2024:0156-1
OPENSUSE-SU-2024:14004-1
OPENSUSE-SU-2024_0142-1
OPENSUSE-SU-2024_0156-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Red Os
Suse