Google has revealed {that a} security flaw that was patched as a part of a security replace rolled out final week to its Chrome browser has come underneath energetic exploitation within the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug within the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome previous to 128.0.6613.84 allowed a distant attacker to doubtlessly exploit heap corruption by way of a crafted HTML web page,” in accordance with an outline of the bug within the NIST Nationwide Vulnerability Database (NVD).
A security researcher who goes by the net pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, incomes them a bug bounty of $11,000.
Further specifics in regards to the nature of the assaults exploiting the flaw or the identification of the risk actors that could be using it haven’t been launched. The tech big, nevertheless, acknowledged that it is conscious of the existence of an exploit for CVE-2024-7965.
It additionally mentioned, “within the wild exploitation of CVE-2024-7965 […] was reported after this launch.” That mentioned, it is at the moment not clear if the flaw was weaponized as a zero-day previous to its disclosure final week.
The Hacker Information has reached out to Google for additional details about the flaw, and we’ll replace the story if we hear again.
Google has to date addressed 9 zero-days in Chrome for the reason that begin of 2024, together with three that had been demonstrated at Pwn2Own 2024 –
Customers are extremely really helpful to improve to Chrome model 128.0.6613.84/.85 for Home windows and macOS, and model 128.0.6613.84 for Linux to mitigate potential threats.
