August 22, 2024 at 11:22AM
Google released a new emergency security update for Chrome to patch a zero-day vulnerability exploited in attacks. The high-severity CVE-2024-7971 vulnerability in Chrome’s V8 JavaScript engine was reported by Microsoft researchers. The update (128.0.6613.84/.85) will be automatically rolled out to users, and manual updates can be initiated through the Chrome menu. Details of the exploitation remain restricted.
Based on the meeting notes, the key takeaways are:
– Google has released a new Chrome emergency security update to patch a zero-day vulnerability (CVE-2024-7971) that has been exploited in attacks.
– The vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine and can enable attackers to trigger browser crashes or exploit for arbitrary code execution on unpatched browsers.
– Google has fixed the zero-day with the release of version 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Linux, which will roll out to all users in the coming weeks.
– Users can speed up the update process by going to the Chrome menu > Help > About Google Chrome and clicking the ‘Relaunch’ button to install the update.
– Google has confirmed the exploitation of CVE-2024-7971 but has not yet shared additional information, and access to bug details may be restricted until a majority of users are updated.
– This is the ninth Chrome zero-day patched by Google in 2024, either exploited in the wild or at the Pwn2Own hacking contest, with various vulnerabilities identified and addressed.
Please let me know if there is anything else you need assistance with.