CVE-2024-5274: 
vulnerability analysis and mitigation

CVE-2024-5274 is a Type Confusion vulnerability discovered in Google Chrome's V8 engine affecting versions prior to 125.0.6422.112. The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024. This high-severity vulnerability allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page (Chrome Release, NVD).

The vulnerability is classified as CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'). It received a CVSS v3.1 base score of 9.6 (CRITICAL) from NIST with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, while CISA-ADP assessed it with a score of 8.3 (HIGH) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability enables remote attackers to execute arbitrary code within the browser's sandbox environment. Given its inclusion in CISA's Known Exploited Vulnerabilities Catalog and Google's confirmation of exploitation in the wild, this vulnerability poses a significant security risk (Chrome Release).

Google has released version 125.0.6422.112/.113 for Windows, Mac, and Linux to address this vulnerability. Users and organizations are strongly advised to update their Chrome browsers to this version or later. CISA recommends either applying the vendor-provided mitigations or discontinuing use of the product if mitigations are unavailable (Chrome Release).