Friend
Professional
- Messages
- 2,653
- Reaction score
- 852
- Points
- 113
Updating your browser can save your data.
BI. ZONE has conducted a technical analysis of a critical vulnerability in the V8 JavaScript engine used in the Google Chrome browser. The vulnerability has been established to pose a threat to users of Android smartphones and some models of laptops running macOS.
Google reported the exploitation of CVE-2024-7965 on August 26, a few days after the release of version 128.0.6613.84, in which the bug was fixed. The vulnerability allows attackers to take control of the browser renderer when the user navigates to a site containing specially prepared JavaScript code. The CVSS vulnerability has a CVSS score of 8.8 out of 10, indicating a high severity of the vulnerability.
Google noted that CVE-2024-7965 was used in conjunction with CVE-2024-7964, a vulnerability related to the Privacy Sandbox platform in Chrome. Combined, these vulnerabilities allow attackers to not only take control of the victim's browser, but also gain access to sensitive data such as passwords, browsing history, and stored cookies. Successful exploitation also allows you to install spyware on the device to monitor the user's browsing activities.
All Chromium-based browsers are also at risk. In some of them, the error may still not be fixed.
Analysis has shown that the CVE-2024-7965 vulnerability applies to devices with an ARM processor architecture, such as Apple laptops released after November 2020, and Android smartphones of any version.
Experts found that CVE-2024-7965 is associated with incorrect value processing during optimization during JavaScript code execution. The error leads to the possibility of writing and reading outside the legitimate memory area, which, in turn, makes it possible to seize control of code execution. This allows a cybercriminal, if there is a common XSS vulnerability on a subdomain of a popular site (for example, my.example.com), to steal a user's session on the main site and all other subdomains (for example, example.com and mail.example.com). The consequences range from leaking sensitive data to infecting the device with malware.
Users are advised to update their browser to the latest version unless automatic updates are configured to protect their devices.
Source
BI. ZONE has conducted a technical analysis of a critical vulnerability in the V8 JavaScript engine used in the Google Chrome browser. The vulnerability has been established to pose a threat to users of Android smartphones and some models of laptops running macOS.
Google reported the exploitation of CVE-2024-7965 on August 26, a few days after the release of version 128.0.6613.84, in which the bug was fixed. The vulnerability allows attackers to take control of the browser renderer when the user navigates to a site containing specially prepared JavaScript code. The CVSS vulnerability has a CVSS score of 8.8 out of 10, indicating a high severity of the vulnerability.
Google noted that CVE-2024-7965 was used in conjunction with CVE-2024-7964, a vulnerability related to the Privacy Sandbox platform in Chrome. Combined, these vulnerabilities allow attackers to not only take control of the victim's browser, but also gain access to sensitive data such as passwords, browsing history, and stored cookies. Successful exploitation also allows you to install spyware on the device to monitor the user's browsing activities.
All Chromium-based browsers are also at risk. In some of them, the error may still not be fixed.
Analysis has shown that the CVE-2024-7965 vulnerability applies to devices with an ARM processor architecture, such as Apple laptops released after November 2020, and Android smartphones of any version.
Experts found that CVE-2024-7965 is associated with incorrect value processing during optimization during JavaScript code execution. The error leads to the possibility of writing and reading outside the legitimate memory area, which, in turn, makes it possible to seize control of code execution. This allows a cybercriminal, if there is a common XSS vulnerability on a subdomain of a popular site (for example, my.example.com), to steal a user's session on the main site and all other subdomains (for example, example.com and mail.example.com). The consequences range from leaking sensitive data to infecting the device with malware.
Users are advised to update their browser to the latest version unless automatic updates are configured to protect their devices.
Source
