Google has rolled out safety fixes to handle a high-severity safety flaw in its Chrome browser that it mentioned has come underneath lively exploitation within the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a kind confusion bug within the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” in accordance with a description of the bug within the NIST Nationwide Vulnerability Database (NVD).
The Microsoft Risk Intelligence Middle (MSTIC) and Microsoft Safety Response Middle (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.
No further particulars in regards to the nature of the assaults exploiting the flaw or the identification of the risk actors which may be weaponizing it have been launched, primarily to make sure that a majority of the customers are up to date with a repair.
The tech large, nevertheless, acknowledged in a terse assertion that it is “aware that an exploit for CVE-2024-7971 exists in the wild.” It is value mentioning that CVE-2024-7971 is the third kind confusion bug that it has patched in V8 this 12 months after CVE-2024-4947 and CVE-2024-5274.
Google has thus far addressed 9 zero-days in Chrome for the reason that begin of 2024, together with three that had been demonstrated at Pwn2Own 2024 –
Customers are really useful to improve to Chrome model 128.0.6613.84/.85 for Home windows and macOS, and model 128.0.6613.84 for Linux to mitigate potential threats.
Customers of Chromium-based browsers comparable to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they change into obtainable.
