CVE-2024-0518

ENISA EUVD: EUVD-2024-16313 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 1 article Published: 2024-01-16
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.14%
probability
This CVE has a 0.14% probability of being exploited in the next 30 days.
0% Top 33.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.5
HIGH
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google
Chrome
120.0.6099.224

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 0.14%
CVSS v3.1 7.5
Mentions 1
Last Seen Jan 16, 2024

CNA Information

CNA Assigner
Chrome

Analyst Note

CVE-2024-0518 is explicitly named as an 'actively exploited Chrome zero-day of 2024' by BleepingComputer. Published January 16, 2024, with patching in Chrome 120.0.6099.224, the article directly confirms in-the-wild exploitation. The timing aligns with zero-day criteria: active attacks documented alongside patch availability.

Triage Info

Decided atMar 05, 2026
Published DateJan 16, 2024