Google Resolves High-Severity Chrome Bug Actively Exploited in the Wild

0
93
Google Resolves High-Severity Chrome Bug Actively Exploited in the Wild
Google Resolves High-Severity Chrome Bug Actively Exploited in the Wild

Google has issued security patches to address a high-severity security flaw in its Chrome browser that it claims has been actively exploited in the wild.

In order to address a high-severity security hole in its Chrome browser that it claims has been actively exploited in the wild, Google has released security updates. The vulnerability, which is tracked as CVE-2024-7971, is characterized as a type of misunderstanding flaw in the WebAssembly and JavaScript V8 engines.

The NIST National Vulnerability Database (NVD) describes the bug as follows: “Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.”

The bug was found and reported on August 19, 2024, by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC). To make sure that the majority of users receive an update with a remedy, no more information regarding the type of attacks that take advantage of the vulnerability or the identities of the threat actors who might be using it as a weapon has been made public. But in a succinct statement, the IT behemoth admitted that it is “aware that an exploit for CVE-2024-7971 exists in the wild.” Notably, after CVE-2024-4947 and CVE-2024-5274, CVE-2024-7971 is the third type of confusion flaw that has been patched in V8 this year.

Since the beginning of 2024, Google has fixed nine zero-days in Chrome, including three that were shown during Pwn2Own 2024.

V8 Out-of-Bounds Memory Access

CVE-2024-0519

Use-after-free in Web Codecs

(CVE-2024-2886) (demonstrated during Pwn2Own 2024)

CVE-2024-2887: WebAssembly type misunderstanding (demonstrated at Pwn2Own 2024)

Out-of-bounds memory access in V8 is identified as CVE-2024-3159 (demonstrated at Pwn2Own 2024).

CVE-2024-4671: Visuals: Use-after-Free

Out-of-bounds writing in V8 (CVE-2024-4761)

Type confusion in V8 (CVE-2024-4947)

Type confusion in V8 (CVE-2024-5274)

To reduce possible risks, users are advised to update to Chrome versions 128.0.6613.84/.85 for Windows and macOS and 128.0.6613.84 for Linux. It’s also recommended that users of Chrome-based browsers like Vivaldi, Microsoft Edge, Brave, Opera, and Opera update the changes as soon as they become available.

Also readAt Jar, we’ve leveraged cutting-edge technology to enhance our platform’s efficiency and user-friendliness, says Nishchay Ag, Co-founder and CEO of Jar

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.