Headline
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to
Vulnerability / Browser Security
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD).
A security researcher who goes by the online pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, earning them a bug bounty of $11,000.
Additional specifics about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be utilizing it have not been released. The tech giant, however, acknowledged that it’s aware of the existence of an exploit for CVE-2024-7965.
It also said, “in the wild exploitation of CVE-2024-7965 […] was reported after this release.” That said, it’s currently not clear if the flaw was weaponized as a zero-day prior to its disclosure last week.
The Hacker News has reached out to Google for further information about the flaw, and we will update the story if we hear back.
Google has so far addressed nine zero-days in Chrome since the start of 2024, including three that were demonstrated at Pwn2Own 2024 -
- CVE-2024-0519 - Out-of-bounds memory access in V8
- CVE-2024-2886 - Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
- CVE-2024-2887 - Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
- CVE-2024-3159 - Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
- CVE-2024-4671 - Use-after-free in Visuals
- CVE-2024-4761 - Out-of-bounds write in V8
- CVE-2024-4947 - Type confusion in V8
- CVE-2024-5274 - Type confusion in V8
- CVE-2024-7971 - Type confusion in V8
Users are highly recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the
North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the
The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for
In my opinion, mandatory enrollment is best enrollment.
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement
Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Google has released an update to Chrome that fixes one zero-day vulnerability and introduces Google Lens for desktop.
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Debian Linux Security Advisory 5697-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Google has released security patches for two vulnerabilities. Make sure you're using the latest version.
Google has released security patches for two vulnerabilities. Make sure you're using the latest version.
Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.
Debian Linux Security Advisory 5654-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.
Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.
Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]
Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.
Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.
Google has issued a security update for the Chrome browser that includes a patch for one zero-day vulnerability.
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash. "By reading out-of-bounds memory, an attacker might be able to get secret values,