Google has revealed {that a} safety flaw that was patched as a part of a safety replace rolled out final week to its Chrome browser has come below lively exploitation within the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug within the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” in line with a description of the bug within the NIST Nationwide Vulnerability Database (NVD).
A safety researcher who goes by the net pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, incomes them a bug bounty of $11,000.
Further specifics in regards to the nature of the assaults exploiting the flaw or the identification of the menace actors which may be using it haven’t been launched. The tech big, nevertheless, acknowledged that it is conscious of the existence of an exploit for CVE-2024-7965.
It additionally stated, “in the wild exploitation of CVE-2024-7965 […] was reported after this release.” That stated, it is at the moment not clear if the flaw was weaponized as a zero-day previous to its disclosure final week.
The Hacker Information has reached out to Google for additional details about the flaw, and we’ll replace the story if we hear again.
Google has up to now addressed 9 zero-days in Chrome because the begin of 2024, together with three that have been demonstrated at Pwn2Own 2024 –
Customers are extremely really useful to improve to Chrome model 128.0.6613.84/.85 for Home windows and macOS, and model 128.0.6613.84 for Linux to mitigate potential threats.
