Login Sign Up

CVE-2024-0519

8.8 HIGH

📋 TL;DR

This vulnerability allows a remote attacker to exploit heap corruption in Google Chrome's V8 JavaScript engine via a crafted HTML page. Attackers could potentially execute arbitrary code or cause denial of service. All users running vulnerable versions of Chrome are affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Prior to 120.0.6099.224
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Other Chromium-based browsers may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Couchbase Server by Couchbase

View all CVEs affecting Couchbase Server →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crash/denial of service or limited code execution within browser sandbox.

🟢

If Mitigated

Minimal impact if browser sandboxing works effectively, potentially just a tab crash.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user to visit malicious webpage. No public exploit code available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 120.0.6099.224

Vendor Advisory: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install update. 4. Click 'Relaunch' to restart Chrome.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious JavaScript that could trigger the vulnerability

Use browser extensions to block scripts

all

Extensions like NoScript or uBlock Origin can block JavaScript execution on untrusted sites

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement network filtering to block malicious domains

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: chrome://version/ and verify if version is below 120.0.6099.224

Check Version:

chrome://version/

Verify Fix Applied:

Confirm Chrome version is 120.0.6099.224 or higher via chrome://version/

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected browser process termination
  • Sandbox escape attempts

Network Indicators:

  • Requests to known malicious domains hosting exploit code
  • Unusual JavaScript execution patterns

SIEM Query:

source="chrome_crash_reports" AND (process="chrome.exe" OR process="chrome") AND severity="HIGH"

📊 Metadata

CVE ID: CVE-2024-0519
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: January 16, 2024
Last Updated: October 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0519, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)