Call now! (ID:316610)+1-855-211-0932
sign up
HomeHacker News & UpdatesGoogle Warns of CVE-2024-7965: Chrome Security Flaw Under Active Exploitation

Google Warns of CVE-2024-7965: Chrome Security Flaw Under Active Exploitation

Google has issued a warning regarding a significant security vulnerability affecting its Chrome browser. Tracked as CVE-2024-7965, this flaw was addressed in a recent software update but is now known to be under active exploitation.

The vulnerability, identified as an “inappropriate implementation” issue within the V8 JavaScript and WebAssembly engine, allows remote attackers to potentially exploit heap corruption through a specially crafted HTML page. The detailed description from the NIST National Vulnerability Database (NVD) highlights the risk of this flaw being leveraged to compromise user systems.

The flaw was discovered and reported by the security researcher known online as TheDog, who received a bug bounty of $11,000 for their findings. The report was submitted on July 30, 2024, prompting Google to swiftly address the issue in their latest Chrome update.

Despite the patch, Google has confirmed that CVE-2024-7965 is being actively exploited in the wild. The company has acknowledged the existence of an exploit but has not disclosed specific details about the nature of these attacks or the identities of the threat actors involved. It remains unclear whether the vulnerability was actively exploited as a zero-day prior to its public disclosure.

In response to this threat, users are strongly advised to update their Chrome browsers immediately. For Windows and macOS users, the recommended update is Chrome version 128.0.6613.84/.85. Linux users should update to version 128.0.6613.84.

This vulnerability is the latest in a series of zero-day vulnerabilities addressed by Google in 2024. Since the beginning of the year, Google has patched nine such issues, including several that were demonstrated at the Pwn2Own 2024 security conference. These include:

  • CVE-2024-0519 – Out-of-bounds memory access in V8
  • CVE-2024-2886 – Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
  • CVE-2024-2887 – Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
  • CVE-2024-3159 – Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
  • CVE-2024-4671 – Use-after-free in Visuals
  • CVE-2024-4761 – Out-of-bounds write in V8
  • CVE-2024-4947 – Type confusion in V8
  • CVE-2024-5274 – Type confusion in V8
  • CVE-2024-7971 – Type confusion in V8

As cybersecurity threats continue to evolve, keeping software up-to-date remains a crucial practice for safeguarding personal and organizational data. For ongoing updates and further information, users are encouraged to monitor official Google communications and security advisories.

The Hacker News has reached out to Google for additional details about CVE-2024-7965 and will provide updates as more information becomes available.