1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Google Chromium V8 Type Confusion Vulnerability

Known Exploited Vulnerabilities CVE-2024-4947 Mappings

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine. Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code. Adversaries promoted the game on social media and through emails.
References
  1. https://socradar.io/lazarus-exploits-google-chrome-zero-day-to-steal-cryptocurrency-in-detankzone-campaign-cve-2024-4947/
CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine. Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code. Adversaries promoted the game on social media and through emails.
References
  1. https://socradar.io/lazarus-exploits-google-chrome-zero-day-to-steal-cryptocurrency-in-detankzone-campaign-cve-2024-4947/