Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Update your browser urgently to avoid cyberattacks.
Google has announced the release of an update that closes the tenth zero-day vulnerability that was actively exploited by attackers or white hat hackers as part of the competition in 2024.
CVE-2024-7965 (CVSS score: 8.8) is a bug in the implementation of the V8 engine for JavaScript in Google Chrome. The flaw allowed a remote attacker to use a specially crafted HTML page to heap corruption, potentially allowing malicious code to execute on the target device.
Information about the vulnerability was included in an update to the Google blog, where it was previously reported that another zero-day vulnerability CVE-2024-7971 (CVSS score: 8.8) related to type confusion in the same V8 engine was closed. In a new post, Google noted that the company is aware of the presence of exploits for CVE-2024-7971 and CVE-2024-7965.
Both vulnerabilities have been fixed in Chrome version 128.0.6613.84/.85 for Windows and macOS, as well as in version 128.0.6613.84 for Linux users. The updates are now available to all users of the stable version for PC.
Despite automatically updating the browser when vapors are released, users can speed up the manual installation process by opening the Chrome menu > > About Google Chrome Help, waiting for the update to complete, and clicking the "Restart" button to apply the changes.
Although Google has confirmed the presence of the CVE-2024-7971 and CVE-2024-7965 vulnerabilities, the company has not yet provided additional details about the nature of the attacks in which they were used. Google also clarified that access to error details and related links may remain limited until most users update their systems with the patch installed. In addition, restrictions may persist if the vulnerability is present in a third-party library that other projects depend on and has not yet been patched.
Source
Google has announced the release of an update that closes the tenth zero-day vulnerability that was actively exploited by attackers or white hat hackers as part of the competition in 2024.
CVE-2024-7965 (CVSS score: 8.8) is a bug in the implementation of the V8 engine for JavaScript in Google Chrome. The flaw allowed a remote attacker to use a specially crafted HTML page to heap corruption, potentially allowing malicious code to execute on the target device.
Information about the vulnerability was included in an update to the Google blog, where it was previously reported that another zero-day vulnerability CVE-2024-7971 (CVSS score: 8.8) related to type confusion in the same V8 engine was closed. In a new post, Google noted that the company is aware of the presence of exploits for CVE-2024-7971 and CVE-2024-7965.
Both vulnerabilities have been fixed in Chrome version 128.0.6613.84/.85 for Windows and macOS, as well as in version 128.0.6613.84 for Linux users. The updates are now available to all users of the stable version for PC.
Despite automatically updating the browser when vapors are released, users can speed up the manual installation process by opening the Chrome menu > > About Google Chrome Help, waiting for the update to complete, and clicking the "Restart" button to apply the changes.
Although Google has confirmed the presence of the CVE-2024-7971 and CVE-2024-7965 vulnerabilities, the company has not yet provided additional details about the nature of the attacks in which they were used. Google also clarified that access to error details and related links may remain limited until most users update their systems with the patch installed. In addition, restrictions may persist if the vulnerability is present in a third-party library that other projects depend on and has not yet been patched.
Source
