A critical security vulnerability in Google Chrome has recently been discovered, raising concerns within the cybersecurity community. The flaw, identified as CVE-2024-7965, was patched in a recent update but has already been exploited by attackers.
Chrome’s V8 JavaScript and WebAssembly
The issue stems from an improper implementation in Chrome’s V8 JavaScript and WebAssembly engine. This flaw could allow malicious actors to exploit heap corruption through a specially crafted webpage, potentially compromising users’ systems.
A security researcher known as TheDog discovered and reported this vulnerability on July 30, 2024, earning a substantial $11,000 bug bounty. While Google has confirmed active exploitation of the flaw, they haven’t shared specifics about the attacks or the threat actors involved.
Broader Context and Recent Chrome Vulnerabilities
This incident is part of a larger trend. Since the beginning of 2024, Google has addressed nine zero-day vulnerabilities in Chrome. Three of these were demonstrated at the Pwn2Own 2024 competition, highlighting the ongoing challenges in browser security.
The list of recent Chrome zero-days includes various types of vulnerabilities, such as out-of-bounds memory access, use-after-free issues, and type confusion problems. These flaws affected different components of the browser, including the V8 engine, WebCodecs, and WebAssembly.
Protecting Yourself
If you’re using Google Chrome, it’s crucial to update your browser immediately. The patched versions are 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux. By updating, you’ll protect yourself against this known vulnerability and potential attacks.
In the meantime, stay vigilant and keep your software up-to-date to maintain your online security.
Read this also: Security Risk in AMD CPUs Patched for Recent Models
