Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
"Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD).
A security researcher who goes by the online pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, earning them a bug bounty of $11,000.
Additional specifics about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be utilizing it have not been released. The tech giant, however, acknowledged that it's aware of the existence of an exploit for CVE-2024-7965.
It also said, "in the wild exploitation of CVE-2024-7965 […] was reported after this release." That said, it's currently not clear if the flaw was weaponized as a zero-day prior to its disclosure last week.
The Hacker News has reached out to Google for further information about the flaw, and we will update the story if we hear back.
Google has so far addressed nine zero-days in Chrome since the start of 2024, including three that were demonstrated at Pwn2Own 2024 –
Users are highly recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.
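For teams that need to confirm the upgrade across many machines, the following is an added example (not from the article or from Google) that flags hosts still below the fixed build 128.0.6613.84. The host names and the `host,os,version` inventory format are constructed assumptions; the version strings mimic what `google-chrome --version` reports.

```python
import re

# First patched build named in the article, the same floor on every platform.
FIXED = (128, 0, 6613, 84)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version tuple from free text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no parseable version: needs manual review
    # Compare numerically; comparing strings would rank "…6613.9" above "…6613.84".
    return "patched" if v >= FIXED else "vulnerable"

def audit(inventory_lines):
    """Map host -> status from 'host,os,version string' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",", 2)]
        host = fields[0]
        results[host] = classify(fields[2]) if len(fields) == 3 else "unknown"
    return results

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-014,windows,Google Chrome 128.0.6613.85",
    "mac-202,macos,Google Chrome 128.0.6613.84",
    "lnx-007,linux,Google Chrome 127.0.6533.119",
    "ws-031,windows,128.0.6613.9",
    "kiosk-3,linux,not installed",
    "broken-line",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed safe.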