
Google Patches Actively Exploited Chrome Vulnerability CVE-2024-7965

Google has disclosed that a recently patched security flaw in its Chrome browser has been exploited in the wild. The vulnerability, identified as CVE-2024-7965, is described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.

According to the NIST National Vulnerability Database (NVD), "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." This flaw, if exploited, could enable remote attackers to compromise the affected systems.

Discovery and Reporting

The security flaw was discovered and reported by a researcher known as TheDog, who was rewarded with an $11,000 bug bounty for the discovery. TheDog reported the issue on July 30, 2024. Google acknowledged the presence of an exploit for CVE-2024-7965, confirming the vulnerability was actively exploited after the release of the patch.

Details of the Exploitation

While the exact details of the attacks exploiting CVE-2024-7965 remain unclear, including the identities of the threat actors involved, Google has highlighted the need for users to update their Chrome browsers immediately. It is also currently uncertain whether the vulnerability was being exploited as a zero-day before the patch was released.

The latest Chrome updates bring the browser to version 128.0.6613.84 for Linux and version 128.0.6613.84/.85 for Windows and macOS. Users are strongly advised to install these updates to mitigate potential risks associated with the flaw.
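To confirm that the update has actually reached every machine, compare reported versions against the fixed build numerically, component by component. The sketch below is an added example, not code from Google or from the original post; the inventory format, hostnames and sample versions are constructed for illustration, and it only understands Google Chrome style four-part version strings.

```python
import re

# Fixed build named in the advisory text: Chrome prior to 128.0.6613.84 is affected.
FIXED = (128, 0, 6613, 84)

# Constructed sample inventory: host,os,output of the browser's version command.
SAMPLE_INVENTORY = """\
ws-001,windows,Google Chrome 128.0.6613.85
ws-002,macos,Google Chrome 127.0.6533.120
ws-003,linux,Google Chrome 128.0.6613.84
ws-004,windows,Google Chrome 128.0.6613.9
ws-005,linux,Chromium unknown
"""

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one version string relative to the fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never assume an unparseable host is patched
    # Tuple comparison is numeric per component, so .9 sorts below .84;
    # a plain string comparison would wrongly rank "9" above "84".
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map each host in the inventory text to its patch status."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _os_name, version_text = line.split(",", 2)
        results[host] = classify(version_text)
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual follow-up rather than being counted as updated.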

Google’s Track Record in 2024

Since the beginning of 2024, Google has addressed nine zero-day vulnerabilities in Chrome, including three demonstrated at Pwn2Own 2024:

  1. CVE-2024-0519 - Out-of-bounds memory access in V8
  2. CVE-2024-2886 - Use-after-free in WebCodecs (Pwn2Own 2024)
  3. CVE-2024-2887 - Type confusion in WebAssembly (Pwn2Own 2024)
  4. CVE-2024-3159 - Out-of-bounds memory access in V8 (Pwn2Own 2024)
  5. CVE-2024-4671 - Use-after-free in Visuals
  6. CVE-2024-4761 - Out-of-bounds write in V8
  7. CVE-2024-4947 - Type confusion in V8
  8. CVE-2024-5274 - Type confusion in V8
  9. CVE-2024-7971 - Type confusion in V8
With Google Chrome being one of the most widely used web browsers globally, ensuring its security is paramount. Users should prioritize updating their Chrome installations to the latest versions to protect themselves from potential exploitation.
Reference: www.thehackernews.com
