Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Summary
| CVE | CVE-2024-0519 |
|---|---|
| State | PUBLISHED |
| Assigner | Unknown |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-16 22:15:00 UTC |
| Updated | 2024-01-22 19:53:00 UTC |
| Description | Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. |
Risk And Classification
EPSS: 0.001420000 probability, percentile 0.342060000 (date 2026-04-01)
CISA KEV: Listed on 2024-01-17; due 2024-02-07; ransomware use Unknown
Problem Types: CWE-787
CISA Known Exploited Vulnerability
| Vendor | |
|---|---|
| Product | Chromium V8 |
| Name | Google Chromium V8 Out-of-Bounds Memory Access Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2024-0519 |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Chrome Releases: Stable Channel Update for Desktop | chromereleases.googleblog.com | Release Notes | |
| [SECURITY] Fedora 38 Update: chromium-120.0.6099.224-1.fc38 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | Mailing List | |
| [SECURITY] Fedora 39 Update: chromium-120.0.6099.224-1.fc39 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | Mailing List | |
| 1517354 - chromium - An open-source project to help move the web forward. - Monorail | crbug.com | Permissions Required | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284867 Fedora Security Update for chromium (FEDORA-2024-049f068a8c)
- 285032 Fedora Security Update for chromium (FEDORA-2024-44b1f656a3)
- 379263 Google Chrome Prior to 120.0.6099.234 Multiple Vulnerabilities
- 379271 Microsoft Edge Based on Chromium Prior to 120.0.2210.144 Multiple Vulnerabilities
- 510687 Alpine Linux Security Update for qt6-qtwebengine
- 510689 Alpine Linux Security Update for qt5-qtwebengine
- 6000433 Debian Security Update for chromium (DSA 5602-1)
- 691399 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (1bc07be0-b514-11ee-86bb-a8a1599412c6)
- 691400 Free Berkeley Software Distribution (FreeBSD) Security Update for electron26 (2264566a-a890-46eb-a895-7881dd220bd0)
- 691406 Free Berkeley Software Distribution (FreeBSD) Security Update for qt6 (a25b323a-bed9-11ee-bdd6-4ccc6adda413)
- 691407 Free Berkeley Software Distribution (FreeBSD) Security Update for qt5 (a11e7dd1-bed4-11ee-bdd6-4ccc6adda413)
- 710863 Gentoo Linux QtWebEngine Multiple Vulnerabilities (GLSA 202402-14)
- 710872 Gentoo Linux Chromium, Google Chrome, Microsoft Edge Multiple Vulnerabilities (GLSA 202402-23)
- 755652 OpenSUSE Security Update for opera (openSUSE-SU-2024:0033-1)