CVE-2023-7024

ENISA EUVD: EUVD-2023-59215 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 6 articles Published: 2023-12-21

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

3.07%

probability

This CVE has a 3.07% probability of being exploited in the next 30 days.

0% Top 86.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google

Chrome

120.0.6099.129

google

chrome

debian

debian linux

fedoraproject

fedora

Google

Chrome

120.0.6099.129 <120.0.6099.129

Google

Chrome

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Discovered

Dec. 19, 2023

Patched

Dec. 20, 2023

Reported by

Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

aka76bm/chrome-emergency-update

Emergency Chrome update information and tools for CVE-2023-7024 and other critical vulnerabilities

1 2025-11-07

aka76bm/google-chrome-emergency-update

Emergency Chrome update information and tools for CVE-2023-7024 and other critical vulnerabilities

1 2025-11-07

2 repos — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html

https://crbug.com/1513170

https://www.debian.org/security/2023/dsa-5585

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/

https://security.gentoo.org/glsa/202401-34

Signal Intelligence

Confidenceⓘ

92%

EPSS 3.07%

CVSS v3.1 8.8

Mentions 6

Last Seen Jan 16, 2024

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2023-7024 is a high-severity heap buffer overflow in Chrome WebRTC that was actively exploited in the wild, as confirmed by multiple credible sources including BleepingComputer reporting it as the first actively exploited Chrome zero-day of 2024. The vulnerability has official Google/Chromium documentation, a high CVSS score of 8.8, and evidence of real-world exploitation, supporting the confirmed classification.

Triage Info

Decided atMar 03, 2026

Published DateDec 21, 2023