CVE-2024-0518: 
vulnerability analysis and mitigation

A type confusion vulnerability (CVE-2024-0518) was discovered in the V8 engine of Google Chrome versions prior to 120.0.6099.224. The vulnerability was reported by Ganjiang Zhou of ChaMd5-H1 team on December 3, 2023, and was officially disclosed on January 16, 2024. This high-severity issue affects Google Chrome browsers across multiple platforms (Chrome Release).

The vulnerability is classified as a type confusion flaw (CWE-843) in Chrome's V8 JavaScript engine that could potentially lead to heap corruption when triggered by a specially crafted HTML page. The issue received a CVSS v3.1 base score of 8.8 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact potential for confidentiality, integrity, and availability (NVD).

The vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution within the context of the browser. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability if successfully exploited (NVD).

Google has released version 120.0.6099.224 of Chrome to address this vulnerability. Users and administrators are advised to update to this version or later. The fix has also been incorporated into various Linux distributions, including Fedora 38 and 39 (Fedora Update).