DEBIAN-CVE-2024-2887

DEBIAN-CVE-2024-2887 PUBLISHED CVSS 7.699999809265137 HIGH

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Risk Scores

CVSS 3.1

7.699999809265137

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	chromium	*, 132.0.6834.83-1, 132.0.6834.83-1
Debian:13	chromium	0, 0
Debian:12	chromium	114.0.5735.90-2, 114.0.5735.198-1~deb11u1, 114.0.5735.198-1~deb12u1
Debian:14	chromium	0, 0

Exploit Intelligence

POC available soon (github-poc)
POC available soon (github-poc-repo)
jjyuorg/reproduce-cve-2024-2887 (github-poc-repo)
jjyuorg/reproduce-cve-2024-2887 (github-poc)
For V8CTF M123 (github-poc)
Chrome(CVE-2024-2887)RCE-POC (github-poc)
2025-08-07.json (github-poc)
ghost_report_20260112_192608.json (github-poc)
ghost_report_20260112_175243.json (github-poc)
ghost_report_20260112_182220.json (github-poc)

Timeline

Mar 26, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-2887 advisory

Open in Interactive Console →