2024-09-20, Version 18.20.5 'Hydrogen' (NES)
This patch contains the fix for 2 vulnerabilities in V8 that are not directly applicable to Node.js:
-
CVE-2024-4947 (V8) Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-4761 (V8) Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)