Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
The problem was the third in a row in the V8 engine since the beginning of the year.
Google has released security updates for its Chrome browser to address a serious zero-day vulnerability that is currently being actively exploited by attackers in real-world attacks. The issue, designated CVE-2024-7971, is a "Type Confusion" bug in the V8 engine, which is responsible for executing JavaScript and WebAssembly.
According to the NIST National Vulnerability Database, the problem allows a remote attacker to cause memory corruption through a specially crafted HTML page. The identification of the problem and its characteristics were reported by Microsoft's cyber threat division on August 19, 2024.
Google has not yet disclosed details about the nature of the attacks or the identities of those who may have exploited the vulnerability. This is done so that most users have time to update their browsers before the information becomes publicly available. However, the company's statement confirms that the vulnerability is already being actively exploited.
CVE-2024-7971 was the third such "Type Confusion" vulnerability in V8 patched by Google in 2024, after CVE-2024-4947 and CVE-2024-5274. In total, the company has fixed nine zero-day vulnerabilities in Chrome since the beginning of the year, some of which were demonstrated at the Pwn2Own 2024 hacking competition.
Chrome users on Windows, Linux, and macOS are strongly advised to update their browsers to version 128.0.6613.84 to protect themselves from potential threats. Owners of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also install available updates when they become available.
Browser updates are usually installed automatically, but it's a good idea to manually check the current version of the software you're using. These measures will help minimize the risks associated with the vulnerability and protect yourself from possible attacks.
Source
Google has released security updates for its Chrome browser to address a serious zero-day vulnerability that is currently being actively exploited by attackers in real-world attacks. The issue, designated CVE-2024-7971, is a "Type Confusion" bug in the V8 engine, which is responsible for executing JavaScript and WebAssembly.
According to the NIST National Vulnerability Database, the problem allows a remote attacker to cause memory corruption through a specially crafted HTML page. The identification of the problem and its characteristics were reported by Microsoft's cyber threat division on August 19, 2024.
Google has not yet disclosed details about the nature of the attacks or the identities of those who may have exploited the vulnerability. This is done so that most users have time to update their browsers before the information becomes publicly available. However, the company's statement confirms that the vulnerability is already being actively exploited.
CVE-2024-7971 was the third such "Type Confusion" vulnerability in V8 patched by Google in 2024, after CVE-2024-4947 and CVE-2024-5274. In total, the company has fixed nine zero-day vulnerabilities in Chrome since the beginning of the year, some of which were demonstrated at the Pwn2Own 2024 hacking competition.
Chrome users on Windows, Linux, and macOS are strongly advised to update their browsers to version 128.0.6613.84 to protect themselves from potential threats. Owners of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also install available updates when they become available.
Browser updates are usually installed automatically, but it's a good idea to manually check the current version of the software you're using. These measures will help minimize the risks associated with the vulnerability and protect yourself from possible attacks.
Source
