When was CVE-2024-2887 disclosed?

CVE-2024-2887 was first published in the National Vulnerability Database on March 26, 2024, with the most recent update on March 28, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2024-2887 actively exploited?

CVE-2024-2887 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 94.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2024-2887?

CVE-2024-2887 has a CVSS v3 base score of 7.7 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 8.1.

How do I remediate CVE-2024-2887?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-2887, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

CVE-2024-2887

HIGHNVD 7.78.1▲Elevated

7.7

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS v3: 7.7
EG Score: 8.1(medium)
EPSS: 94.1%
KEV: Not listed

References (11)

chrome-cve-admin@googlehttps://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
chrome-cve-admin@googlehttps://issues.chromium.org/issues/330588502
chrome-cve-admin@googlehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
chrome-cve-admin@googlehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
chrome-cve-admin@googlehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
af854a3a-2127-422b-91ae-364da2661108https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
af854a3a-2127-422b-91ae-364da2661108https://issues.chromium.org/issues/330588502
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome

Is Your Infrastructure Affected by CVE-2024-2887?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2024-2887

Published

Last Modified

References (11)

Weakness Classification(1)

All Vendor Advisories

Data Freshness Timeline

Publicly available exploits

Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2024-2887?

Same vendor

Same CWE

CVE-2024-2887

📅 Published

🔄 Last Modified

🔗 References (11)

Weakness Classification(1)

All Vendor Advisories

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2024-2887?

🔗 Related CVEs(same vendor + same CWE)

Same vendor

Same CWE

Published

Last Modified

References (11)

Frequently asked(5)

Related CVEs(same vendor + same CWE)