Google Warns of CVE-2024-7965 Chrome Safety Flaw Below Lively Exploitation

Aug 27, 2024Ravie LakshmananVulnerability / Browser Safety

Google has revealed {that a} safety flaw that was patched as a part of a safety replace rolled out final week to its Chrome browser has come below lively exploitation within the wild.

Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug within the V8 JavaScript and WebAssembly engine.

“Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” in line with a description of the bug within the NIST Nationwide Vulnerability Database (NVD).

A safety researcher who goes by the net pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, incomes them a bug bounty of $11,000.

Further specifics in regards to the nature of the assaults exploiting the flaw or the identification of the menace actors which may be using it haven’t been launched. The tech big, nevertheless, acknowledged that it is conscious of the existence of an exploit for CVE-2024-7965.

Cybersecurity

It additionally stated, “in the wild exploitation of CVE-2024-7965 […] was reported after this release.” That stated, it is at the moment not clear if the flaw was weaponized as a zero-day previous to its disclosure final week.

The Hacker Information has reached out to Google for additional details about the flaw, and we’ll replace the story if we hear again.

Google has up to now addressed 9 zero-days in Chrome because the begin of 2024, together with three that have been demonstrated at Pwn2Own 2024 –

Customers are extremely really useful to improve to Chrome model 128.0.6613.84/.85 for Home windows and macOS, and model 128.0.6613.84 for Linux to mitigate potential threats.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...