CVE-2024-7971

ENISA EUVD: EUVD-2024-48804 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 6 articles Published: 2024-08-21
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
1.02%
probability
This CVE has a 1.02% probability of being exploited in the next 30 days.
0% Top 77.4th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google
Chrome
128.0.6613.84

Attack Intelligence

Google Project Zero

Patched
Aug. 21, 2024
Reported by
Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC)

Exploits & PoC

mistymntncop/CVE-2024-7971
34 2025-04-14
1 repo — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 1.02%
CVSS v3.1 8.8
Mentions 6
Last Seen Aug 30, 2024

CNA Information

CNA Assigner
Chrome

Analyst Note

CVE-2024-7971 is confirmed as an actively exploited zero-day in Chrome with strong evidence including Google Project Zero attribution, HIGH CVSS severity (8.8), documented exploitation by North Korean threat actors deploying rootkits, and multiple authoritative sources (BleepingComputer, CERT-EU) corroborating active in-the-wild attacks. The vulnerability involves type confusion leading to heap corruption, a critical memory safety issue with proven exploitability.

Threat Actors 2

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
UNC4736
apt_group 🇰🇵 KP

Triage Info

Decided atMar 03, 2026
Published DateAug 21, 2024