CVE-2024-6772 – This vulnerability in Chrome's V8 JavaScript en... (How to Fix)

Q: What is the severity of CVE-2024-6772?

CVE-2024-6772 has a CVSS score of 8.8 (HIGH). This vulnerability in Chrome's V8 JavaScript engine allows attackers to perform out-of-bounds memory access via malicious HTML pages. It affects all users running vulnerable Chrome versions, potentially leading to arbitrary code execution. The high CVSS score reflects the serious impact of successful exploitation.

📋 TL;DR

This vulnerability in Chrome's V8 JavaScript engine allows attackers to perform out-of-bounds memory access via malicious HTML pages. It affects all users running vulnerable Chrome versions, potentially leading to arbitrary code execution. The high CVSS score reflects the serious impact of successful exploitation.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: Prior to 126.0.6478.182

Operating Systems: Windows, macOS, Linux, Android, iOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome installations are vulnerable. Other Chromium-based browsers may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crash, memory corruption, or limited code execution within the browser sandbox.

🟢

If Mitigated

No impact if patched; limited impact if sandboxing works as designed.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious page). No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 126.0.6478.182

Vendor Advisory: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents exploitation by disabling JavaScript execution in Chrome

Use Site Isolation

all

Enhances Chrome's site isolation feature to limit impact

🧯 If You Can't Patch

Restrict browsing to trusted websites only
Implement web filtering to block malicious sites

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in Settings → About Chrome. If version is below 126.0.6478.182, system is vulnerable.

Check Version:

chrome://version/

Verify Fix Applied:

Confirm Chrome version is 126.0.6478.182 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports
Memory access violation logs
Sandbox escape attempts

Network Indicators:

Requests to known malicious domains hosting exploit code

SIEM Query:

source="chrome" AND (event_type="crash" OR message="*out of bounds*" OR message="*memory access*")

📊 Metadata

CVE ID: CVE-2024-6772

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: July 16, 2024

Last Updated: December 26, 2024

🔗 References

https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html Release Notes
https://issues.chromium.org/issues/346597059 Exploit,Issue Tracking
https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html Release Notes
https://issues.chromium.org/issues/346597059 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6772, you might also want to check these: