Google has released Chrome version 128.0.6613.84, which addresses a high-severity zero-day vulnerability in the V8 JavaScript and WebAssembly engine, known as CVE-2024-7971 [1] [2] [6].

Description

This Chrome update includes over three dozen security fixes, one of which addresses the type confusion bug in the V8 engine. The vulnerability allows execution of arbitrary code and exploitation of heap corruption via a crafted HTML page. It was discovered and reported by the Microsoft Threat Intelligence Center and the Microsoft Security Response Center on August 19, 2024 [4], and it is being actively exploited in the wild [4]. Google has confirmed that an exploit for the vulnerability exists [2]. Users are strongly advised to update their Chrome installations promptly [3]. Other Chromium-based browsers such as Brave, Microsoft Edge [1] [3], Opera [1] [3], and Vivaldi may also be at risk [1], so their users should update promptly as well [3] [5].
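To verify the update across a fleet, the following added example (not from the article or from Google) classifies browser version strings against the fixed build 128.0.6613.84. It assumes each host reports a line in the form printed by `google-chrome --version`; the host names, the function names and the sample versions are constructed for illustration.

```python
import re

# Fixed Chrome build named in the article.
FIXED_CHROME = (128, 0, 6613, 84)

# "<product name> <a.b.c.d>", the shape printed by `google-chrome --version`.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")


def classify(version_line):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unparsed'."""
    m = VERSION_RE.match(version_line.strip())
    if not m:
        return "unparsed"
    if m.group("product") != "Google Chrome":
        # The article gives no fixed build for other Chromium-based browsers,
        # so their version numbers cannot be compared against FIXED_CHROME.
        return "check-vendor"
    # Compare numerically, field by field: as plain strings,
    # "128.0.6613.9" would wrongly sort after "128.0.6613.84".
    build = tuple(int(part) for part in m.group("ver").split("."))
    return "patched" if build >= FIXED_CHROME else "vulnerable"


def audit(inventory):
    """Map host -> status for (host, version_line) pairs."""
    return {host: classify(line) for host, line in inventory}


# Constructed sample inventory: hosts and the non-fixed versions are made up.
SAMPLE = [
    ("ws-01", "Google Chrome 128.0.6613.84"),
    ("ws-02", "Google Chrome 128.0.6613.9"),
    ("ws-03", "Google Chrome 127.0.6000.100"),
    ("ws-04", "Microsoft Edge 1.2.3.4"),
    ("ws-05", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `check-vendor` need the fixed version from that browser vendor's own advisory, and `unparsed` hosts need a manual look.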

Conclusion

The discovery of this zero-day vulnerability underscores the importance of timely software updates and vigilance in cybersecurity. Users must take immediate action to safeguard their systems and data from potential threats. It is crucial for both individuals and organizations to stay informed about security risks and implement necessary measures to mitigate them.

References

[1] https://www.tomsguide.com/computing/online-security/billons-of-chrome-users-at-risk-from-hacker-attacks-severe-flaw-exploited
[2] https://lifehacker.com/tech/you-should-update-chrome-asap
[3] https://www.helpnetsecurity.com/2024/08/22/cve-2024-7971/
[4] https://cybersecuritynews.com/chrome-zero-day-vulnerability/
[5] https://duo.com/decipher/google-fixes-zero-day-chrome-flaw-in-v8
[6] https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html