CVE-2024-2886
ENISA EUVD: EUVD-2024-27830
✓ Confirmed 0-Day
Triaged: March 5, 2026
15 articles
Published: 2024-03-26
EPSS Score
Source: FIRST.org · 2026-05-23
This CVE has a 1.49% probability of being exploited in the next 30 days.
Top 81.3th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
7.5 HIGH
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Affected Products
Google
Chrome
123.0.6312.86
Attack Intelligence
CWE-118 · Incorrect Access of Indexable Resource ('Range Error')
CWE-119 · Buffer Overflow
CWE-416 · Use After Free
CWE-664 · Improper Control of a Resource Through its Lifetime
CWE-666 · Operation on Resource in Wrong Phase of Lifetime
CWE-672 · Operation on a Resource after Expiration or Release
CWE-825 · Expired Pointer Dereference
Signal Intelligence
Confidence: 85%
EPSS: 1.49%
CVSS v3.1: 7.5
Mentions: 15
Last Seen: Aug 26, 2024
CNA Information
CNA Assigner: Chrome
Analyst Note
CVE-2024-2886 is explicitly identified as a Chrome zero-day tagged as exploited in the wild by Google in 2024, with multiple authoritative sources (BleepingComputer) confirming active exploitation. The CVE was published March 26, 2024, and patched in Chrome 123.0.6312.86 the same month, consistent with zero-day disclosure and patch timing.
Triage Info
Decided at: Mar 05, 2026
Published Date: Mar 26, 2024