Google has released an emergency update for Chrome desktop users to address a serious security vulnerability that is actively being exploited.

Description

The update [2] [3] [6] [8] brings Chrome to version 128.0.6613.84/85 for Windows and Mac [1] [3] [4] [5] [8] and 128.0.6613.84 for Linux [1] [2] [3] [4] [6] [8]. It fixes CVE-2024-7971 [8] [9], a type confusion bug in the V8 JavaScript and WebAssembly engine [1] [7]. The vulnerability allows a remote attacker to trigger heap corruption through a malicious HTML page, potentially leading to PC destabilization [8], data compromise [8], or execution of rogue code [8]. The vulnerability was reported by Microsoft and could be used to execute arbitrary code. In addition to fixing CVE-2024-7971, the update also addresses six high [3], nine medium [3], and four low severity vulnerabilities [3].

Users are advised to manually update Chrome to the latest version by navigating to Settings > About Chrome and restarting the browser. Google is gradually rolling out this update to all users. Fixes for security vulnerabilities in V8 are quickly propagated to other browsers such as Microsoft Edge, Brave [4], Opera [4], and Vivaldi [4], which use the Blink and V8 engines developed by the Chromium team [4].

Along with security fixes [7], this update introduces Google Lens for desktop [2], allowing users to search the web without leaving their current tab [2].
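For administrators who need to confirm the fix across many machines rather than one browser at a time, the following added example (not taken from Google or any of the cited sources) classifies collected version strings against the fixed build 128.0.6613.84 named above. The host names and inventory lines are constructed, and the line format is assumed to be what `google-chrome --version` prints.

```python
import re

# Lowest fixed build named in the advisory (Windows/Mac may also show .85).
FIXED = (128, 0, 6613, 84)

# Only Google Chrome is matched: the page gives no fixed build numbers for
# Edge, Brave, Opera or Vivaldi, so those are reported as "unknown".
VERSION_RE = re.compile(r"^Google Chrome (\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(line):
    """Return the four version parts as a tuple of ints, or None."""
    m = VERSION_RE.match(line.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def status(line):
    """Classify one inventory line as patched, vulnerable or unknown."""
    version = parse_chrome_version(line)
    if version is None:
        return "unknown"
    # Tuples of ints compare numerically, part by part. Comparing the raw
    # strings would rank "…6613.9" above "…6613.84" and "…6613.113" below it.
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map (host, version line) pairs to (host, status) pairs."""
    return [(host, status(line)) for host, line in inventory]


# Constructed sample inventory; hosts and versions are illustrative only.
INVENTORY = [
    ("ws-01", "Google Chrome 128.0.6613.84"),
    ("ws-02", "Google Chrome 127.0.6533.120"),
    ("ws-03", "Google Chrome 128.0.6613.9"),
    ("ws-04", "Google Chrome 128.0.6613.113"),
    ("ws-05", "chrome: command not found"),
    ("ws-06", "Microsoft Edge 1.2.3.4"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY):
        print(f"{host}: {result}")
```

Hosts reported as "unknown" need a manual check, since a missing or unparsable version string says nothing about whether the machine is patched.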

Conclusion

This emergency update by Google for Chrome desktop users is crucial in addressing the CVE-2024-7971 vulnerability and other security issues. Users are strongly advised to update their Chrome browser to the latest version to protect against potential threats. The quick response by Google in releasing this update highlights the importance of timely security patches in safeguarding user data and system integrity.

References

[1] https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html
[2] https://www.malwarebytes.com/blog/news/2024/08/google-patches-actively-exploited-zero-day-in-chrome-update-now
[3] https://digital.nhs.uk/cyber-alerts/2024/cc-4539
[4] https://www.helpnetsecurity.com/2024/08/22/cve-2024-7971/
[5] https://uk.pcmag.com/browsers/154008/patch-now-hackers-found-exploiting-zero-day-flaw-in-chrome-browser
[6] https://lifehacker.com/tech/you-should-update-chrome-asap
[7] https://www.darkreading.com/vulnerabilities-threats/google-chrome-update-fixes-flaw-exploited-in-the-wild
[8] https://www.forbes.com/sites/zakdoffman/2024/08/21/new-google-chrome-warning-microsoft-windows-10-windows-11-2-billion-users/
[9] https://cybersecuritynews.com/chrome-zero-day-vulnerability/