Google Warns of CVE-2024-7965 Chrome Security Vulnerability Being Actively Exploited
Google has revealed that a vulnerability fixed in a security update released last week for its Chrome browser is being actively exploited in the wild.
Tracked as CVE-2024-7965, the flaw is described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome before 128.0.6613.84 permitted a distant attacker to potentially take advantage of heap corruption through a well-crafted HTML page,” according to an explanation of the issue in the NIST National Vulnerability Database (NVD).
A security expert known as TheDog discovered and disclosed the flaw on July 30, 2024, and received a bug bounty of $11,000.
Further details about the nature of the attacks exploiting the vulnerability, or the identity of the actors behind them, have not been disclosed. Nevertheless, the technology giant has acknowledged that an exploit for CVE-2024-7965 exists.
The company also stated, “exploitation in the wild of CVE-2024-7965 […] was reported subsequent to this release.” It has not yet been confirmed whether the flaw was exploited as a zero-day prior to its public acknowledgment last week.
The Hacker News has contacted Google for additional information about the vulnerability, and we will provide updates to the article if we receive a response.
Google has so far patched nine zero-days in Chrome since the beginning of 2024, including three demonstrated at Pwn2Own 2024.
Users are strongly advised to update to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux, to reduce potential risks.
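To check a fleet against the fixed build named above, the following added example (not from Google or the original article) flags hosts reporting a Chrome version below 128.0.6613.84. It assumes version strings in the style printed by `google-chrome --version`; the host names and inventory are constructed for illustration.

```python
import re

# First fixed build, taken from the advisory text above.
FIXED_BUILD = (128, 0, 6613, 84)

# Matches the four-part version in output such as "Google Chrome 127.0.6533.119".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Classify hosts as 'patched', 'vulnerable' or 'unknown'.

    inventory maps a host name to the version string that host reported.
    Versions are compared numerically, component by component, so that
    128.0.6613.9 sorts below 128.0.6613.84 (a string comparison would not).
    """
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        version = parse_version(reported)
        if version is None:
            report["unknown"].append(host)  # unparseable: needs manual follow-up
        elif version < FIXED_BUILD:
            report["vulnerable"].append(host)
        else:
            report["patched"].append(host)
    return report


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 128.0.6613.85",
    "mac-02": "Google Chrome 128.0.6613.84",
    "lin-03": "Google Chrome 127.0.6533.119",
    "lin-04": "Google Chrome 128.0.6613.9",
    "win-05": "command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket did not report a parseable version and should be checked by hand rather than assumed patched.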

