What is CVE-2024-2887?

A high-severity type confusion vulnerability in Google Chrome prior to version 123.0.6312.86 allows remote attackers to execute arbitrary code via crafted HTML. Immediate patching is crucial to prevent exploitation.

What is the severity of CVE-2024-2887?

CVE-2024-2887 has a severity rating of HIGH with a CVSS base score of 7.7.

CVE-2024-2887 | Google

The vulnerability identified as CVE-2024-2887 is classified as a high-severity issue in Google Chrome. This vulnerability allows remote attackers to execute arbitrary code through crafted HTML pages, leveraging a type confusion flaw in WebAssembly. The risk to organizations includes potential unauthorized access and manipulation of sensitive data. Given the exploitability of this vulnerability, it is imperative for organizations to prioritize patching to mitigate risks.

With a CVSS score of 7.7, this vulnerability is categorized as high. Attackers may leverage this vulnerability to gain control of affected systems, underscoring the urgency for defenders to apply the necessary patches immediately.

The vulnerability has been confirmed to have known exploit code available, indicating that attackers may actively seek to exploit unpatched systems. Organizations using Google Chrome should assess their environments and ensure that they are running the latest version to protect against this threat.

Organizations must prioritize patching immediately to safeguard against potential exploitation and data breaches.

Vulnerability Details

CVE-2024-2887 describes a type confusion vulnerability in WebAssembly in Google Chrome versions prior to 123.0.6312.86, allowing a remote attacker to execute arbitrary code via a crafted HTML page. This vulnerability is classified under CWE-843. The CVSS score is 7.7, indicating a high severity level, which is critical for organizations to address.

Technical Analysis

The root cause of this vulnerability lies in type confusion within WebAssembly, which can be exploited through a crafted HTML page. The attack vector is local, and it requires user interaction to trigger the exploit. The complexity of the attack is high, and no privileges are required to exploit this vulnerability. The impact on confidentiality, integrity, and availability is high, making it a significant risk for organizations.

Risk & Impact Analysis

The real-world risk associated with CVE-2024-2887 is substantial, particularly for organizations using Google Chrome. The vulnerability's high exploitability means that attackers could potentially gain control over affected systems, leading to unauthorized access to sensitive data and operational disruption. The urgency for organizations to address this vulnerability is underscored by its CVSS score and the availability of exploit code, which indicates a clear and present threat.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions include Google Chrome prior to 123.0.6312.86 and Fedora versions 38, 39, and 40. Organizations should ensure they are running patched versions to protect against this vulnerability.

Mitigation & Remediation

To mitigate the risks associated with CVE-2024-2887, organizations should upgrade Google Chrome to version 123.0.6312.86 or later. Additionally, Fedora users should ensure they are running the latest updates for their systems. If patches are not immediately available, organizations should consider implementing network controls to limit exposure and monitor for suspicious activity.

Detection Guidance

Organizations should monitor logs for indicators of exploitation attempts related to CVE-2024-2887. Behavioral anomalies in user activity, particularly those involving WebAssembly, should be flagged for further investigation. Implementing network signatures that detect patterns associated with the exploit can also enhance security.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2024-2887 highlights the ongoing challenges in WebAssembly security. As organizations increasingly adopt WebAssembly for its performance benefits, vulnerabilities like this will require attention from security teams. This incident serves as a reminder of the need for regular security assessments and the importance of staying updated with the latest security patches.

Security teams should consider reviewing their vulnerability management practices and enhancing their penetration testing strategies. Continuous monitoring and timely updates will be essential to mitigate the risks associated with emerging vulnerabilities.

For further guidance on managing vulnerabilities, organizations can refer to resources such as vulnerability management program design and penetration testing to validate their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-2887: High Vulnerability in Google Chrome