Google Patches Tenth Chrome Zero-Day Exploited in 2024

August 26, 2024

Google has disclosed that it has fixed the tenth zero-day vulnerability to be exploited in the wild in 2024. The vulnerability, which has been assigned the identifier CVE-2024-7965, was reported by a security researcher going by the pseudonym 'TheDog'. The vulnerability is a high-severity issue and is described as an inappropriate implementation in Google Chrome's V8 JavaScript engine. This could allow remote attackers to exploit heap corruption by using a specially crafted HTML page.

Google made the announcement in an update to a blog post where it had previously revealed that it had patched another high-severity zero-day vulnerability, CVE-2024-7971, which was due to a type confusion weakness in the V8 engine. The company updated the blog post on August 26, 2024, to reflect the exploitation of CVE-2024-7965 in the wild, which was reported after the initial post. In the updated post, Google stated, 'Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild.'

The tech giant has addressed both zero-days in Chrome version 128.0.6613.84/.85 for Windows and macOS systems, and version 128.0.6613.84 for Linux users. These updates have been rolling out to all users in the Stable Desktop channel since Wednesday. While Chrome will automatically update when security patches are available, users can also manually apply the updates by navigating to the Chrome menu > Help > About Google Chrome, allowing the update to complete, and then clicking the 'Relaunch' button to install it.
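For teams that track browser versions in an asset inventory, the fixed builds above can be checked in bulk. The following is an added example, not code from Google or from this article; the CSV layout, host names and sample version rows are constructed for illustration. It compares versions numerically per component, since a plain string comparison would wrongly rank 128.0.6613.9 above 128.0.6613.84, and it reports platforms or version strings it cannot evaluate as unknown rather than passing them.

```python
import csv
import io
import re

# First fixed Stable Desktop builds as stated in the article.
FIXED = {
    "windows": (128, 0, 6613, 84),
    "macos": (128, 0, 6613, 84),
    "linux": (128, 0, 6613, 84),
}

# Chrome versions have exactly four numeric components.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(os_name, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one install."""
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never treat unparseable data as patched
    return "patched" if version >= fixed else "vulnerable"


def audit(csv_text):
    """Map each host in a host,os,chrome_version CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["os"], r["chrome_version"]) for r in rows}


# Constructed sample inventory (not real hosts or scan data).
INVENTORY = """\
host,os,chrome_version
ws-001,Windows,128.0.6613.85
ws-002,Windows,127.0.6533.120
mac-07,macOS,128.0.6613.84
lnx-12,Linux,128.0.6613.9
lnx-13,Linux,129.0.6668.58
kiosk-3,ChromeOS,128.0.6613.84
ws-044,Windows,128.0.6613
"""

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown (here a platform the article does not list and a truncated version string) need manual follow-up.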

Google has confirmed that the two vulnerabilities, CVE-2024-7971 and CVE-2024-7965, have been exploited in the wild. However, the company has not yet provided further information about these attacks. Google has stated, 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'

Since the beginning of the year, Google has patched eight other zero-days that have been exploited in attacks or during the Pwn2Own hacking contest.
