Google has introduced security patches to fix a high-severity security vulnerability in its Chrome browser, which has been actively exploited in the wild.
Identified as CVE-2024-7971, the flaw has been characterized as a type confusion issue in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” mentioned in a description of the bug in the NIST National Vulnerability Database (NVD).
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) are acknowledged for identifying and reporting the vulnerability on August 19, 2024.
Further details regarding the nature of the attacks exploiting this bug or the actors involved have not been disclosed, to ensure most users receive the necessary fix.
Although, in a brief statement, the tech corporation recognized that an exploit for CVE-2024-7971 is active in the wild. Notably, CVE-2024-7971 is the third type confusion bug addressed in V8 this year, following CVE-2024-4947 and CVE-2024-5274.
Google has addressed a total of nine zero-day vulnerabilities in Chrome since the beginning of 2024, including three demonstrated at Pwn2Own 2024 –
Users are advised to update to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential risks.
Users of browsers based on Chromium like Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the necessary fixes once they are available.
About Author
