Google has issued security patches to address a high-severity security flaw in its Chrome browser that it claims has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-7971, is described as a type confusion flaw in the V8 JavaScript and WebAssembly engine.
The NIST National Vulnerability Database (NVD) describes the bug as follows: “Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.”
The bug was found and reported on August 19, 2024, by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC). No further information about the nature of the attacks exploiting the vulnerability, or the identities of the threat actors who may be weaponizing it, has been made public, so that the majority of users can receive the fix first. In a brief statement, however, the tech giant acknowledged that it is “aware that an exploit for CVE-2024-7971 exists in the wild.” Notably, after CVE-2024-4947 and CVE-2024-5274, CVE-2024-7971 is the third type confusion flaw that has been patched in V8 this year.
Since the beginning of 2024, Google has fixed nine zero-days in Chrome, including three that were shown during Pwn2Own 2024.
CVE-2024-0519: Out-of-bounds memory access in V8
CVE-2024-2886: Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
CVE-2024-2887: Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
CVE-2024-3159: Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
CVE-2024-4671: Use-after-free in Visuals
CVE-2024-4761: Out-of-bounds write in V8
CVE-2024-4947: Type confusion in V8
CVE-2024-5274: Type confusion in V8
To reduce possible risks, users are advised to update to Chrome version 128.0.6613.84/.85 for Windows and macOS and 128.0.6613.84 for Linux. Users of Chromium-based browsers such as Vivaldi, Microsoft Edge, Brave, and Opera are also advised to apply the fixes as soon as they become available.
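For administrators tracking the rollout, the sketch below checks collected browser version strings against the fixed build named above. It is an added example, not part of the original article: the hostnames and version outputs are constructed, and because other Chromium-based browsers use their own version numbering, they are flagged for a check against the vendor's advisory rather than compared with the Chrome build.

```python
import re

# Fixed build named in the article (Windows, macOS and Linux all start at .84).
FIXED = (128, 0, 6613, 84)

# Constructed inventory for illustration: (host, output of the browser's --version command).
INVENTORY = [
    ("ws-014", "Google Chrome 128.0.6613.84"),
    ("ws-022", "Google Chrome 128.0.6613.9"),    # older build; a plain string compare ranks it above .84
    ("ws-031", "Google Chrome 127.0.6533.120"),
    ("mac-07", "Google Chrome 128.0.6613.85"),
    ("ws-040", "Microsoft Edge 127.0.2651.105"),
    ("ws-055", "Google Chrome (version unavailable)"),
]

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_output):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown' for one version string."""
    match = VERSION_RE.search(version_output)
    if match is None:
        return "unknown"          # no four-part version found; needs manual follow-up
    if not version_output.startswith("Google Chrome"):
        return "check-vendor"     # other browsers number their builds differently
    # Compare numerically, component by component, never as text.
    version = tuple(int(part) for part in match.groups())
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Group hostnames by patch status."""
    report = {}
    for host, output in inventory:
        report.setdefault(classify(output), []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```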