CVE-2024-5274

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 9 articles
VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24
6.64%
probability
This CVE has a 6.64% probability of being exploited in the next 30 days.
0% Top 91.3th percentile of all CVEs 100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero
Type Confusion in V8

Attack Intelligence

Google Project Zero

Discovered
May 20, 2024
Patched
May 23, 2024
Reported by
Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security
Root Cause Analysis
???

Exploits & PoC

mistymntncop/CVE-2024-5274

PoC CVE-2024-5274 — mistymntncop/CVE-2024-5274

84
Alchemist3dot14/CVE-2024-5274-Detection

Guardian Code: A Script to Uncover CVE-2024-5274 Vulnerabilities

3
2 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 6.64%
Mentions 9
Last Seen Aug 29, 2024

CNA Information

Analyst Note

CVE-2024-5274 is confirmed as actively exploited with strong evidence including a HIGH CVSS score (8.3), inclusion in Google Project Zero, and multiple credible reports from BleepingComputer documenting it as one of Google's ninth zero-day fixes in 2024. The type confusion vulnerability in V8 enabling arbitrary code execution in a Chrome sandbox represents a significant, verified security threat with documented real-world exploitation.

Threat Actors 6

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
APT 29
apt_group Information theft and espionage 🇷🇺 RU
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Hacking Team
apt_group 🇮🇹 IT
Pat Bear
apt_group 🇸🇾 SY
APT 5
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026