CVE-2024-0517: 
vulnerability analysis and mitigation

CVE-2024-0517 is a high-severity vulnerability discovered in Google Chrome's V8 JavaScript engine affecting versions prior to 120.0.6099.224. The vulnerability was reported by Toan (suto) Pham of Qrious Secure on January 6, 2024, and was patched by Google in January 2024. This security flaw affects Google Chrome browsers across Windows, macOS, and Linux operating systems (Chrome Release).

The vulnerability is classified as an out-of-bounds write in V8, Chrome's JavaScript engine. It received a CVSS v3.1 base score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw specifically occurs within V8's Maglev compiler during the handling of class compilation that includes parent classes, particularly in the VisitFindNonDefaultConstructorOrConstructMaglev function (Security Online).

The vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. If successfully exploited, the attacker could achieve remote code execution on the target system, potentially gaining the ability to execute arbitrary code (NVD, Security Online).

Google has released patches for this vulnerability. Users are strongly advised to upgrade their Chrome browsers to version 120.0.6099.224/225 for Windows, version 120.0.6099.234 for macOS, and version 120.0.6099.224 for Linux. These updates have been distributed through the stable channel (Chrome Release).