August 22, 2024 at 02:51PM
New security fixes are being rolled out for Chrome to address a high-severity type confusion bug, identified as CVE-2024-7971, in the V8 JavaScript engine. Google reported the presence of an exploit for this vulnerability. The updated version 128 of Chrome will address 38 vulnerabilities, including CVE-2024-7971, and is expected to be released within the next few days and weeks.
Based on the meeting notes, the key takeaways are:
– New security fixes are being rolled out by Google to address a high-severity vulnerability found in Chrome browser.
– The vulnerability, tracked as CVE-2024-7971, is a type confusion bug located in the V8 JavaScript and WebAssembly engine.
– Google reported that an exploit for the vulnerability exists in the wild.
– The NIST National Vulnerability Database (NVD) reported that the type confusion in V8 in Google Chrome prior to version 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.
– Chrome’s updated version 128 will roll out in the next few days and weeks, with fixes for 38 vulnerabilities, including CVE-2024-7971.
– Google credited the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) with reporting the type confusion flaw just a few days ago.