Critical Exploit in Chrome Patched: Users Urged to Update
Security Flaw Exploited in the Wild
Google has patched a vulnerability in the Chrome browser that has been actively exploited by attackers. The fix for the flaw, identified as CVE-2024-7965, was part of a recent software update released last week.
What Is CVE-2024-7965?
This vulnerability is tied to a problem in the V8 JavaScript and WebAssembly engine used by Chrome. The National Vulnerability Database (NVD) describes it as an “improper implementation” that allowed a remote attacker to potentially cause heap corruption by using a specially crafted HTML page. The flaw affects Chrome versions prior to 128.0.6613.84.
Discovery and Reward
A security researcher known as “TheDog” discovered and reported this flaw on July 30, 2024. For their efforts, they received a bug bounty of $11,000 from Google.
Limited Details on Exploitation
Google has confirmed that an exploit for CVE-2024-7965 has been used in the wild, but specific details about the attackers or the nature of the attacks remain undisclosed. It’s also unclear whether this vulnerability was exploited as a zero-day before it was patched last week.
Importance of Updating Chrome
Between the start of 2024 and now, Google has addressed nine zero-day vulnerabilities in Chrome, including several demonstrated at the Pwn2Own 2024 conference. These include:
- CVE-2024-0519 – Out-of-bounds memory access in V8
- CVE-2024-2886 – Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
- CVE-2024-2887 – Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
- CVE-2024-3159 – Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
- CVE-2024-4671 – Use-after-free in Visuals
- CVE-2024-4761 – Out-of-bounds write in V8
- CVE-2024-4947 – Type confusion in V8
- CVE-2024-5274 – Type confusion in V8
- CVE-2024-7971 – Type confusion in V8
Users are strongly advised to update their Chrome browsers to version 128.0.6613.84/.85 on Windows and macOS, and version 128.0.6613.84 on Linux to protect against these threats.
Stay safe by keeping your software up to date.
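To check a fleet against the fixed build named above, the following added example (not from the original article) flags hosts running a Chrome build below 128.0.6613.84. It assumes an inventory of `(host, version string)` pairs in the style of `Google Chrome 128.0.6613.84`; the hostnames and function names are hypothetical. Versions are compared as numeric tuples, because plain string comparison misorders builds such as `.9` and `.84`.

```python
import re

# Fixed build named in the article; earlier builds are affected by CVE-2024-7965.
PATCHED = (128, 0, 6613, 84)

# Matches the four-part version in strings such as "Google Chrome 127.0.6533.119".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the Chrome version found in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(text):
    """True if below the patched build, False if at or above, None if unparseable."""
    v = parse_version(text)
    if v is None:
        return None
    return v < PATCHED  # tuple comparison is numeric, field by field


def audit(inventory):
    """Split (host, version_string) pairs into vulnerable, patched and unknown hosts."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        verdict = is_vulnerable(version_text)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "patched")
        report[key].append(host)
    return report


# Constructed sample inventory (hostnames are made up for illustration).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 127.0.6533.119"),
    ("ws-02", "Google Chrome 128.0.6613.84"),
    ("ws-03", "Google Chrome 128.0.6613.9"),   # below .84 numerically, above it as a string
    ("ws-04", "Google Chrome 128.0.6613.85"),
    ("ws-05", "Google Chrome 99.0.4844.51"),   # "99" sorts after "128" as a string
    ("ws-06", "version unavailable"),          # unparseable: reported, not assumed safe
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts whose version cannot be parsed are listed as unknown rather than treated as patched, so they can be followed up manually.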