Google has recently released safety updates for its Chrome browser in order to address a serious zero-day vulnerability that is currently being actively exploited by attackers. The vulnerability, identified as CVE-2024-7971, involves a “type confusion” error in the V8 engine, which is responsible for executing JavaScript and WebAssembly.
According to the National Institute of Standards and Technology’s National Vulnerability Database, this vulnerability allows a remote attacker to manipulate memory through a specially crafted HTML page. Microsoft, a cybersecurity specialist, reported the discovery of this issue and its characteristics on August 19, 2024.
Google has not provided specific details about the nature of the attacks or the potential threat actors utilizing this vulnerability. This decision was made to ensure that most users have the opportunity to update their browsers before the information is publicly disclosed. However, Google has confirmed that the vulnerability is actively being exploited.
CVE-2024-7971 is the third “Type Confusion” vulnerability in the V8 engine that Google has addressed in 2024, following CVE-2024-4947 and CVE-2024-5274. Google has also fixed nine other zero-day vulnerabilities in Chrome, some of which were demonstrated at the Pwn2Own 2024 hacker competition.
Users are strongly advised to update their Chrome browser to version 128.0.6613.84 on Windows and MacOS, or version 128.0.6613.84 on Linux, to safeguard against potential threats. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also install any available updates as they become available.
While browser updates typically install automatically, it is recommended for users to manually verify the current version of the software being used. These precautions will help minimize risks associated with vulnerabilities and enhance protection against potential cyber attacks.