Google patches another actively exploited flaw in Chrome
Take action: Once more - update your Chrome and Chromium browsers (Opera, Brave, Edge) as soon as possible. The vulnerability is already being exploited, so it's just a matter of time before your vulnerable browser stumbles on the exploit. Don't delay, the update is trivial and all your tabs are reopened automatically.
Google has released an emergency security update for Chrome to address a high-severity vulnerability that has already been exploited in the wild.
The flaw, tracked as CVE-2024-7971 (CVSS score 8.8), is due to a type confusion weakness in Chrome's V8 JavaScript engine. The vulnerability, reported by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) on August 19, 2024, can allow attackers to execute arbitrary code on affected devices running unpatched versions of Chrome.
Type confusion vulnerabilities often lead to browser crashes when data stored in memory is incorrectly interpreted as a different type. In this case, it can be leveraged for remote code execution.
Google has released Chrome versions 128.0.6613.84/.85 for Windows and macOS, and 128.0.6613.84 for Linux. These updates will be rolled out gradually to all users in the Stable Desktop channel over the coming weeks.
Google confirmed that CVE-2024-7971 is being actively exploited, but specific details about how the vulnerability is being used in the wild remain under wraps. The company stated that access to detailed information would remain restricted until most users have applied the patch, and further restrictions might be maintained if the issue also affects third-party libraries.
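To find hosts that still need the update, reported Chrome versions can be compared against the fixed builds listed above. The following is an added example, not part of the original article or any Google tooling; the host names and inventory rows are constructed, and the version strings are assumed to look like the output of `google-chrome --version`.

```python
import re

# Floor per platform from the article: 128.0.6613.84/.85 (Windows, macOS),
# 128.0.6613.84 (Linux). The lower build of ".84/.85" is used as the floor.
FIXED = {
    "windows": (128, 0, 6613, 84),
    "macos": (128, 0, 6613, 84),
    "linux": (128, 0, 6613, 84),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(map(int, m.groups())) if m else None


def assess(platform, version_text):
    """Classify one host as 'patched', 'vulnerable' or 'unknown'."""
    floor = FIXED.get(platform.lower())
    version = parse_version(version_text)
    # The article gives fixed builds for Chrome only; other Chromium-based
    # browsers use their own version numbers, so they are not compared here.
    if floor is None or version is None or "Google Chrome" not in version_text:
        return "unknown"
    # Compare as integer tuples: as strings, "9" would sort above "84".
    return "patched" if version >= floor else "vulnerable"


# Constructed inventory rows: (host, platform, reported version string).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 128.0.6613.85"),
    ("ws-002", "windows", "Google Chrome 127.0.6533.120"),
    ("mac-014", "macos", "Google Chrome 128.0.6613.84"),
    ("lnx-007", "linux", "Google Chrome 128.0.6613.9"),
    ("ws-003", "windows", "Microsoft Edge 127.0.2651.98"),
    ("lnx-011", "linux", "version unavailable"),
]


def triage(inventory):
    """Group host names by assessment result."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, text in inventory:
        report[assess(platform, text)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` need a manual check against their own vendor's advisory rather than being treated as patched.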