Google has released security patches to address a serious security flaw in its Chrome browser that it says is being actively exploited in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in Google Chrome V8 prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” according to the description of the bug in the NIST National Vulnerability Database (NVD).
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.
No further details have been released about the nature of the attacks exploiting the flaw or the identity of the threat actors who may be weaponizing it, mainly to ensure that most users are updated with the patch.
However, the technology giant acknowledged in a terse statement that “an exploit for CVE-2024-7971 is known to exist in the wild.” It should be noted that CVE-2024-7971 is the third type confusion bug it has fixed in V8 this year, following CVE-2024-4947 and CVE-2024-5274.
So far, Google has addressed nine Chrome zero-days since the start of 2024, including three that were demonstrated at Pwn2Own 2024.
Users are advised to update Chrome to version 128.0.6613.84/.85 for Windows and macOS and to version 128.0.6613.84 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply patches when they become available.