CVE-2024-2887 : Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Published 2024-03-26 20:09:34

Updated 2025-03-28 20:15:22

Source Chrome

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2024-2887

Google » Chrome
Versions before (<) 123.0.6312.86
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 40
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-2887

EPSS FAQ

3.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-2887

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.1	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	1.4	6.0	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
7.7	HIGH	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	1.0	6.0	NIST	2024-12-20
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-2887

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2024-2887

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/

[SECURITY] Fedora 39 Update: chromium-123.0.6312.86-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/

[SECURITY] Fedora 38 Update: chromium-123.0.6312.86-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/

[SECURITY] Fedora 40 Update: chromium-123.0.6312.86-1.fc40 - package-announce - Fedora Mailing-Lists
Mailing List

CVEs referencing this url
https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome

Zero Day Initiative — CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
Exploit;Third Party Advisory
https://issues.chromium.org/issues/330588502

View issue - Chromium
Exploit;Issue Tracking
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html

Chrome Releases: Stable Channel Update for Desktop
Release Notes

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-2887

Products affected by CVE-2024-2887

Exploit prediction scoring system (EPSS) score for CVE-2024-2887

CVSS scores for CVE-2024-2887

CWE ids for CVE-2024-2887

References for CVE-2024-2887