CVE-2024-7965

ENISA EUVD: EUVD-2024-48798 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 3 articles Published: 2024-08-21
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
24.23%
probability
This CVE has a 24.23% probability of being exploited in the next 30 days.
0% Top 96.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google
Chrome
128.0.6613.84

Attack Intelligence

Google Project Zero

Patched
Aug. 21, 2024
Reported by
TheDog

Exploits & PoC

bi-zone/CVE-2024-7965

This repository contains PoC for CVE-2024-7965. This is the vulnerability in the V8 that occurs only within ARM64.

49 2024-09-16
1 repo — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 24.23%
CVSS v3.1 8.8
Mentions 3
Last Seen Aug 27, 2024

CNA Information

CNA Assigner
Chrome

Analyst Note

CVE-2024-7965 is confirmed as a zero-day vulnerability exploited in the wild, with Google's official acknowledgment and inclusion in Project Zero research. The HIGH CVSS score (8.8) reflects significant heap corruption risk in V8, and multiple credible sources including BleepingComputer and CERT-EU corroborate active exploitation.

Triage Info

Decided atMar 03, 2026
Published DateAug 21, 2024