CVE-2024-3159

ENISA EUVD: EUVD-2024-31756 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 14 articles Published: 2024-04-06
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
6.13%
probability
This CVE has a 6.13% probability of being exploited in the next 30 days.
0% Top 90.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google
Chrome
123.0.6312.105

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 6.13%
CVSS v3.1 8.8
Mentions 14
Last Seen Aug 26, 2024

CNA Information

CNA Assigner
Chrome

Analyst Note

CVE-2024-3159 is explicitly named as a zero-day in multiple authoritative sources (BleepingComputer articles referring to 'ninth Chrome zero-day tagged as exploited this year'). The CVE was published April 6, 2024, and patched in Chrome 123.0.6312.105, with contemporaneous reporting of active exploitation. This matches the zero-day profile: in-the-wild exploitation concurrent with patch availability.

Triage Info

Decided atMar 05, 2026
Published DateApr 06, 2024