Chrome Zero-day Vulnerability

Google has recently addressed a high-severity zero-day vulnerability in its Chrome browser, identified as CVE-2024–7971. This vulnerability involves a type of confusion issue within the V8 JavaScript engine, which can be exploited to execute arbitrary code.

The flaw was reported by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) on August 19, 2024, and is known to be actively exploited in the wild.

Google has acknowledged the active exploitation of this vulnerability and has released updates to mitigate the risk to users.

High Severity Vulnerabilities in Chrome 128

The latest Chrome update, version 128.0.6613.84/.85, addresses a total of 38 security vulnerabilities. Below are the high-severity flaws that were highlighted:

• CVE-2024–7964: A use-after-free vulnerability in the Passwords component, reported by an anonymous researcher on August 8, 2024. This type of vulnerability can lead to arbitrary code execution or a crash when the program accesses memory that has already been freed.
• CVE-2024–7965: An inappropriate implementation issue in the V8 JavaScript engine, reported by a researcher known as TheDog on July 30, 2024. This can potentially allow attackers to execute arbitrary code.