CVE-2024-4947

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 13 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.97%

probability

This CVE has a 0.97% probability of being exploited in the next 30 days.

0% Top 76.8th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Type Confusion in V8

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Discovered

May 13, 2024

Patched

May 15, 2024

Reported by

Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky

Root Cause Analysis

???

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

TheHackerNews

Google fixes ninth Chrome zero-day tagged as exploited this year

BleepingComputer Aug 21, 2024

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

TheHackerNews

Google tags a tenth Chrome zero-day as exploited this year

BleepingComputer Aug 26, 2024

Google fixes eighth actively exploited Chrome zero-day this year

BleepingComputer May 24, 2024

Google fixes third actively exploited Chrome zero-day in a week

BleepingComputer May 15, 2024

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

TheHackerNews

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

TheHackerNews

Get Weekends Back: Put Chrome CVEs like CVE-2024-5274 on Auto-Patching

Qualys May 11, 2024

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

TheHackerNews

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

BleepingComputer Oct 23, 2024

Security Advisory 2024-044

CERT-EU May 16, 2024

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.97%

Mentions 13

Last Seen Oct 23, 2024

CNA Information

Analyst Note

CVE-2024-4947 is a confirmed zero-day with strong evidence of active exploitation, including attribution to Lazarus hackers using a fake DeFi game attack vector. The critical CVSS 9.6 score, presence in Google Project Zero, multiple independent security news sources documenting active exploits, and timely patching in Chrome 125.0.6422.60 all support the confirmed status.