Google has disclosed that a recently patched security flaw in its Chrome browser has been exploited in the wild. The vulnerability, identified as CVE-2024-7965, is described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
According to the NIST National Vulnerability Database (NVD), "Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." This flaw, if exploited, could enable remote attackers to compromise the affected systems.
The security flaw was discovered and reported by a researcher known as TheDog, who was rewarded with an $11,000 bug bounty for the discovery. TheDog reported the issue on July 30, 2024. Google acknowledged the presence of an exploit for CVE-2024-7965, confirming the vulnerability was actively exploited after the release of the patch.
While the exact details of the attacks exploiting CVE-2024-7965 remain unclear, including the identities of the threat actors involved, Google has highlighted the need for users to update their Chrome browsers immediately. It is also currently uncertain whether the vulnerability was being exploited as a zero-day before the patch was released.
The latest Chrome updates bring the browser to version 128.0.6613.84 for Linux and version 128.0.6613.84/.85 for Windows and macOS. Users are strongly advised to install these updates to mitigate potential risks associated with the flaw.
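For teams checking a fleet against the fixed build named above, the following added example (not from Google or the original article) classifies reported Chrome version strings relative to 128.0.6613.84. The host names and the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed build quoted in the article and the NVD entry for CVE-2024-7965.
FIXED = (128, 0, 6613, 84)

# Four dot-separated numeric fields, not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract the 4-part version from free text such as the output of
    `google-chrome --version`; return None if no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    # Tuples compare field by field as integers, so .9 sorts below .84.
    # A plain string comparison would rank "128.0.6613.9" above the fix.
    return "patched" if v >= FIXED else "vulnerable"

def audit(inventory):
    """Map host -> status for (host, raw version string) pairs."""
    return {host: classify(raw) for host, raw in inventory}

def needs_update(inventory):
    """Hosts that are vulnerable or could not be verified, sorted by name."""
    return sorted(h for h, s in audit(inventory).items() if s != "patched")

# Constructed sample inventory (hypothetical hosts and readings).
SAMPLE = [
    ("lin-01", "Google Chrome 128.0.6613.84 "),
    ("win-07", "Google Chrome 128.0.6613.85"),
    ("mac-03", "Google Chrome 127.0.6533.120"),
    ("win-12", "128.0.6613.9"),
    ("kiosk-2", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts whose version cannot be parsed are reported as unknown and included in the follow-up list instead of being assumed patched.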
Since the beginning of 2024, Google has addressed nine zero-day vulnerabilities in Chrome, including three demonstrated at Pwn2Own 2024.
With Google Chrome being one of the most widely used web browsers globally, ensuring its security is paramount. Users should prioritize updating their Chrome installations to the latest version to protect themselves from potential exploitation.