Google has implemented critical security fixes to address a high-severity vulnerability in its Chrome browser, tracked as CVE-2024-7971. This security flaw, characterized as a type confusion bug in the V8 JavaScript and WebAssembly engine, has reportedly been exploited in the wild. The National Institute of Standards and Technology (NIST) describes the vulnerability as allowing remote attackers to exploit heap corruption through specially crafted HTML pages. The vulnerability was discovered and reported on August 19, 2024, by the Microsoft Threat Intelligence Center and Microsoft Security Response Center.
Google has acknowledged the existence of an exploit for CVE-2024-7971, confirming that it is aware of active attacks targeting this flaw. While specific details regarding the nature of these attacks or the identity of the threat actors remain undisclosed, the tech giant emphasizes the importance of patching the vulnerability to protect users. Notably, this incident marks the third type confusion bug that Google has patched in V8 this year, following earlier vulnerabilities CVE-2024-4947 and CVE-2024-5274.
Since the beginning of 2024, Google has addressed a total of nine zero-day vulnerabilities in Chrome. These include various issues, such as out-of-bounds memory access and use-after-free errors, some of which were highlighted during the Pwn2Own 2024 hacking competition. The continuous emergence of such vulnerabilities indicates a growing challenge in securing web browsers, particularly as the number of zero-day exploits increases.
To mitigate potential threats, users are strongly urged to upgrade to the latest Chrome version 128.0.6613.84 for Windows and macOS, as well as for Linux. Additionally, users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are advised to apply the necessary security updates as they become available. This proactive approach to security helps safeguard user data and maintain browser integrity amid rising cyber threats.
Reference:
