Google has confirmed that a recently patched security flaw in its Chrome browser is being actively exploited by attackers. The vulnerability, tracked as CVE-2024-7965, was described as an improper implementation bug in the V8 JavaScript and WebAssembly engine.
The bug allows remote attackers to potentially exploit heap corruption via a crafted HTML page, according to the NIST National Vulnerability Database (NVD). A security researcher known by the pseudonym TheDog discovered and reported the flaw on July 30, earning them a $11,000 bug bounty.
While details about the attacks exploiting the flaw are scarce, Google acknowledged that it’s aware of an exploit for CVE-2024-7965. However, it’s unclear if the flaw was weaponized as a zero-day prior to its disclosure last week.
To mitigate potential threats, users are highly recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux. This is the ninth zero-day flaw addressed by Google in Chrome since the start of 2024, with three others demonstrated at Pwn2Own 2024.
Source: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html?m=1