CVE-2024-2887
ENISA EUVD: EUVD-2024-27831 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026
15 articles
Published: 2024-03-26
EPSS Score
Source: FIRST.org · 2026-05-23
12.53%
probability
This CVE has a 12.53% probability
of being exploited in the next 30 days.
0%
Top 94.0th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.1
HIGH
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Affected Products
Google
Chrome
123.0.6312.86
Attack Intelligence
Exploits & PoC
rycbar77/CVE-2024-2887
For V8CTF M123
18
2024-08-25
PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC
Chrome(CVE-2024-2887)RCE-POC
16
2024-08-25
1
2025-05-18
3 repos — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
92%
EPSS
12.53%
CVSS v3.1
8.1
Mentions
15
Last Seen
Aug 26, 2024
CNA Information
CNA Assigner
Chrome
Analyst Note
CVE-2024-2887 is explicitly named as a Chrome zero-day exploited in the wild in multiple authoritative BleepingComputer reports from 2024. The CVE was published 2024-03-26 with Chrome version 123.0.6312.86 as the fix, and articles clearly state it was 'tagged as exploited' and 'actively exploited' before or concurrent with the patch release, meeting the core zero-day criteria.
Triage Info
Decided atMar 05, 2026
Published DateMar 26, 2024