Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” according to a description of the bug in the NIST National Vulnerability Database (NVD).
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.
No additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be weaponizing it have been released, primarily to ensure that a majority of the users are updated with a fix.
The tech giant, however, acknowledged in a terse statement that it is “aware that an exploit for CVE-2024-7971 exists in the wild.” It is worth mentioning that CVE-2024-7971 is the third type confusion bug that it has patched in V8 this year after CVE-2024-4947 and CVE-2024-5274.
Google has so far addressed nine zero-days in Chrome since the start of 2024, including three that were demonstrated at Pwn2Own 2024 –
Users are recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.