Advisory

Google patches another Chrome actively exploited flaw, 10th this year

Take action: Time to patch again - update your Chrome and Chromium-based browsers (Opera, Brave, Edge) as soon as possible. The vulnerability is already being exploited, so it's just a matter of time before your vulnerable browser stumbles on the exploit. Don't delay: the update is trivial and all your tabs are reopened automatically.


Learn More

Google has released a security update to patch a high-severity zero-day vulnerability, tracked as CVE-2024-7965 (CVSS score 8.8), that has been actively exploited in the wild.

This vulnerability, reported by the security researcher known as "TheDog," is an inappropriate implementation in Google Chrome's V8 JavaScript engine. The flaw allows remote attackers to trigger heap corruption via specially crafted HTML pages, potentially leading to arbitrary code execution or unauthorized access.

The post announcing the exploited flaw mentions that another high-severity zero-day (CVE-2024-7971), a type confusion issue in the V8 engine, has also been exploited in the wild. Although the patches have been released, Google is keeping technical details limited until the majority of users have updated their systems.

CVE-2024-7965 is the tenth zero-day exploited in the wild in 2024 that Google has addressed. This bug was patched in Chrome version 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and macOS.
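To confirm the update has landed across a fleet, the following added example (not part of the original advisory) classifies `chrome --version` style output against the fixed build listed above. Hostnames and sample outputs are constructed, and the check assumes Google Chrome/Chromium version numbers only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed build from the advisory: 128.0.6613.84 (Linux), 128.0.6613.84/.85 (Windows, macOS).
PATCHED = (128, 0, 6613, 84)

# Exactly four dot-separated numeric parts, not embedded in a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_output):
    """Classify version output as 'patched', 'needs_update' or 'unknown'."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # browser missing or output unparseable: check by hand
    # Tuple comparison is numeric per component, so 128.0.6613.9 sorts below
    # 128.0.6613.84; a plain string comparison would get that wrong.
    return "patched" if version >= PATCHED else "needs_update"


def audit(inventory):
    """Map host -> status for an iterable of (host, version_output) pairs."""
    return {host: classify(output) for host, output in inventory}


# Constructed sample inventory (hostnames and outputs are made up for illustration).
SAMPLE = [
    ("ws-001", "Google Chrome 128.0.6613.84 "),
    ("ws-002", "Google Chrome 127.0.6533.119 "),
    ("ws-003", "Google Chrome 128.0.6613.9 "),
    ("ws-004", "Chromium 129.0.6668.58 snap"),
    ("ws-005", "google-chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A browser that has downloaded the update but not been relaunched still runs the old build, so check the running version, not only the installed package.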
