Google Addresses Ninth Exploited Chrome Zero-Day Vulnerability of 2024
August 21, 2024
Google has rolled out an emergency security update for Chrome to rectify a zero-day vulnerability identified as CVE-2024-7971, which has been exploited in attacks. The company's advisory, published on Wednesday, confirmed that "Google is aware that an exploit for CVE-2024-7971 exists in the wild." This high-risk vulnerability is the result of a type confusion issue in Chrome's V8 JavaScript engine. The vulnerability was reported by security researchers from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) on Monday.
This type of security flaw typically allows attackers to cause browser crashes when data stored in memory is misinterpreted as a different type. However, it can also be exploited by attackers to execute arbitrary code on devices running browsers that have not been patched. Google has addressed this zero-day vulnerability with the release of versions 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux. These versions will be gradually rolled out to all users on the Stable Desktop channel in the coming weeks.
Although Chrome automatically updates when security fixes are available, users can expedite the process by navigating to the Chrome menu > Help > About Google Chrome, allowing the update to complete, and then clicking the 'Relaunch' button to install it. The update was available immediately on checking for new updates.
Despite confirming that the CVE-2024-7971 vulnerability has been exploited in attacks, Google has not yet provided further details about the exploitation in the wild. Google stated, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
CVE-2024-7971 is the ninth Chrome zero-day vulnerability that has been actively exploited and patched by Google in 2024.