Login Sign Up

CVE-2024-3174

8.8 HIGH

📋 TL;DR

This vulnerability in Chrome's V8 JavaScript engine allows attackers to corrupt memory objects through specially crafted HTML pages, potentially leading to arbitrary code execution. All users running vulnerable Chrome versions are affected when visiting malicious websites.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Versions prior to 119.0.6045.105
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Chromium-based browsers like Edge, Brave may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crash or sandbox escape allowing limited code execution within browser context.

🟢

If Mitigated

Browser crash with no further impact if sandbox holds and security controls are active.

🌐 Internet-Facing: HIGH - Exploitable via visiting malicious websites without user interaction beyond page load.
🏢 Internal Only: MEDIUM - Requires user to visit malicious internal pages or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires crafting specific HTML/JavaScript but no authentication needed. No public exploits confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 119.0.6045.105 or later

Vendor Advisory: https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html

Restart Required: Yes

Instructions:

1. Open Chrome 2. Click menu → Help → About Google Chrome 3. Allow update to download 4. Click 'Relaunch' when prompted

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious JavaScript but breaks most websites

Use browser extensions to block scripts

all

Use NoScript or similar extensions to block untrusted scripts

🧯 If You Can't Patch

  • Restrict browser usage to trusted websites only
  • Implement network filtering to block malicious domains

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in Settings → About Chrome. If version is below 119.0.6045.105, system is vulnerable.

Check Version:

chrome://version/ or 'google-chrome --version' on Linux/macOS

Verify Fix Applied:

Confirm Chrome version is 119.0.6045.105 or higher in About Chrome page.

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected browser termination events
  • Security event logs showing script execution

Network Indicators:

  • Requests to known malicious domains hosting exploit code
  • Unusual outbound connections after visiting websites

SIEM Query:

source="chrome" AND (event="crash" OR event="termination") AND version<"119.0.6045.105"

📊 Metadata

CVE ID: CVE-2024-3174
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-79
Published: July 16, 2024
Last Updated: March 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-3174, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)