August 22, 2024 at 02:00AM
Google has released security fixes for a high-severity vulnerability (CVE-2024-7971) in its Chrome browser, actively exploited in the wild. It’s a type confusion bug in the V8 engine. The flaw was discovered by Microsoft Threat Intelligence Center and Microsoft Security Response Center. Users are urged to update to Chrome version 128.0.6613.84/.85 for Windows and macOS to mitigate potential threats.
Key takeaways from the meeting notes are:
– Google has rolled out security fixes for a high-severity security flaw in its Chrome browser, tracked as CVE-2024-7971, a type confusion bug in the V8 JavaScript and WebAssembly engine.
– The vulnerability allowed a remote attacker to exploit heap corruption via a crafted HTML page.
– The Microsoft Threat Intelligence Center and Microsoft Security Response Center were credited with discovering and reporting the flaw on August 19, 2024.
– There are no additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors, to ensure most users are updated with a fix.
– Google acknowledged the existence of an exploit for CVE-2024-7971 in the wild and has patched nine zero-days in Chrome since the start of 2024.
– Users are recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.
– Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available.