CVE-2024-0517

ENISA EUVD: EUVD-2024-16312 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 1 article Published: 2024-01-16
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
75.48%
probability
This CVE has a 75.48% probability of being exploited in the next 30 days.
0% Top 98.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google
Chrome
120.0.6099.224

Attack Intelligence

Signal Intelligence

Confidence
92%
EPSS 75.48%
CVSS v3.1 8.8
Mentions 1
Last Seen Jan 16, 2024

CNA Information

CNA Assigner
Chrome

Analyst Note

CVE-2024-0517 is explicitly named as the first actively exploited Chrome zero-day of 2024 in the BleepingComputer article. The timing is tight: CVE published 2024-01-16, patch version 120.0.6099.224 released shortly after, with active exploitation documented before patch availability. This meets all zero-day criteria.

Triage Info

Decided atMar 05, 2026
Published DateJan 16, 2024