Google has addressed a crucial zero-day exposure in its Chrome browser, recognized as CVE-2024-7965. This high-severity flaw, which involves versions of Chrome before 128.0.6613.84, has been actively manipulated in the wild, prompting users to update their browsers instantly. CVE-2024-7965 is a vulnerability in the V8 JavaScript engine operated by Chrome. It is characterized by an improper performance that permits remote assailants to exploit heap corruption through specially prepared HTML pages.
This flaw poses a substantial risk, with a CVSS score of 8.8, suggesting potential high impacts on the confidentiality and integrity of impacted systems. The vulnerability was reported by a safety investigator understood as “TheDog” on July 30, 2024, and has since been patched in the latest Chrome release, version 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac.
Google has acknowledged the functional exploitation of this vulnerability and highlights the speed of users updating their browsers to mitigate likely threats. This update tracks a blog post in which the firm earlier remarked that it had addressed a different high-severity zero-day vulnerability CVE-2024-7971 resulting from a V8-type confusion weakness.
Manipulating CVE-2024-7965 needs user interaction, such as visiting a compromised webpage, which could direct to unauthorized access or the execution of hostile code. Associations and unique users are recommended to prioritize the update to protect against possible data violations and the failure of sensitive data.
This vulnerability is part of a series of safety problems managed in the latest Chrome update, which contains 38 protection fixes. Many high-severity vulnerabilities were reported by exterior investigators, emphasizing the continued efforts to secure the browser against arising hazards.
Google swift reaction to fix this zero-day vulnerability underscores the significance of preserving up-to-date software to defend against cyber dangers. Users are encouraged to allow automatic updates or manually check for updates by navigating to the Chrome menu, choosing “Help,” and then “About Google Chrome” to ensure they are running the latest version.
Troubleshooting Chrome Zero-Day Patching in 2024
- CVE-2024-0519: This vulnerability is an out-of-bounds memory access issue in the V8 JavaScript engine used by Google Chrome. It lets assailants potentially run random code by manipulating this flaw. This vulnerability has been addressed by updating to a more recent version of Chrome.
- CVE-2024-2887: This is a kind of confusion vulnerability in the WebAssembly component of Google Chrome. Type confusion can direct to out-of-bounds memory access, which may result in arbitrary code execution. This vulnerability was presented at Pwn2Own 2024 and has been fixed in Chrome updates.
- CVE-2024-2886: This vulnerability includes a use-after-free situation in the WebCodecs component of Google Chrome. Use-after-free vulnerabilities can guide random code execution if manipulated. This problem was also presented at Pwn2Own 2024 and has been determined in the following Chrome updates.
- CVE-2024-3159: Another out-of-bounds memory access vulnerability in the V8 JavaScript engine of Google Chrome. Like other out-of-bounds vulnerabilities, it can be used to manage incidental code. It was presented at Pwn2Own 2024 and has been improved in newer Chrome versions.
- CVE-2024-4671: This is a use-after-free vulnerability in the Visuals component of Google Chrome. Manipulating such vulnerabilities can lead to arbitrary code performance. This vulnerability has been fixed in current Chrome updates.
- CVE-2024-4947: A type confusion vulnerability in the V8 JavaScript and WebAssembly engine of Google Chrome. This vulnerability has been actively used in the wild, prompting critical updates to Chrome to mitigate the threat.
- CVE-2024-5274: This vulnerability is a type of confusion bug in the V8 JavaScript and WebAssembly engine of Google Chrome. It permits out-of-bounds memory access, potentially leading to arbitrary code execution. Google has accepted active exploitation of this vulnerability and has published patches.
- CVE-2024-7971: This vulnerability affects a type of confusion problem within the V8 JavaScript engine, which can be manipulated to manage arbitrary code.