Google Addresses Ninth Exploited Chrome Zero-Day Vulnerability of 2024

August 21, 2024

Google has rolled out an emergency security update for Chrome to rectify a zero-day vulnerability identified as CVE-2024-7971, which has been exploited in attacks. The company's advisory, published on Wednesday, confirmed that "Google is aware that an exploit for CVE-2024-7971 exists in the wild." This high-risk vulnerability is the result of a type confusion issue in Chrome's V8 JavaScript engine. The vulnerability was reported by security researchers from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) on Monday.

This type of security flaw typically allows attackers to cause browser crashes when data stored in memory is misinterpreted as a different type. However, it can also be exploited by attackers to execute arbitrary code on devices running browsers that have not been patched. Google has addressed this zero-day vulnerability with the release of versions 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux. These versions will be gradually rolled out to all users on the Stable Desktop channel in the coming weeks.

Although Chrome updates automatically when security fixes are available, users can expedite the process by opening the Chrome menu > Help > About Google Chrome, letting the update finish, and then clicking the 'Relaunch' button to install it. The update was available immediately when checking for new updates.
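For administrators who track Chrome versions across many machines, the fixed builds listed above can be turned into a simple inventory check. The following is an added example, not code from Google or from this article; the host names, the inventory format and the sample version strings are constructed assumptions.

```python
import re

# Fixed builds from the article (128.0.6613.84/.85 on Windows and macOS,
# 128.0.6613.84 on Linux); the lower build is the floor on every platform.
FIXED_BUILD = {
    "windows": (128, 0, 6613, 84),
    "macos": (128, 0, 6613, 84),
    "linux": (128, 0, 6613, 84),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory):
    """Map each host to 'patched', 'needs_update' or 'unknown'."""
    result = {}
    for host, platform, reported in inventory:
        version = parse_version(reported)
        floor = FIXED_BUILD.get(platform.lower())
        if version is None or floor is None:
            result[host] = "unknown"  # unparseable version or unlisted platform
        elif version >= floor:  # tuple comparison is numeric, field by field
            result[host] = "patched"
        else:
            result[host] = "needs_update"
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 128.0.6613.85"),
    ("ws-02", "Windows", "127.0.6533.120"),
    ("mac-01", "macOS", "128.0.6613.9"),  # a plain string compare would pass this
    ("lin-01", "Linux", "Google Chrome 128.0.6613.84 "),
    ("lin-02", "Linux", "not installed"),
    ("cb-01", "ChromeOS", "128.0.6613.84"),  # platform not covered by the article
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A host reported as patched still needs the relaunch described above before the running browser uses the fixed build.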

Despite confirming that the CVE-2024-7971 vulnerability has been exploited in attacks, Google has not yet provided further details about the exploitation in the wild. Google stated, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

CVE-2024-7971 is the ninth Chrome zero-day vulnerability that has been actively exploited and patched by Google in 2024.
