Chrome 0-Day Vulnerability Actively Exploited in the Wild


The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux.

This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. However, a critical security vulnerability, CVE-2024-7965, has been discovered and is being actively exploited in the wild.

Details of the Vulnerability

CVE-2024-7965 is classified as a high-severity vulnerability involving an inappropriate implementation in V8, Chrome’s JavaScript engine.

This flaw was reported by a researcher known as “TheDog” on July 30, 2024. Google has acknowledged that exploits for this vulnerability exist in the wild, which makes it urgent for users to update their browsers.

The latest Chrome update addresses 37 security vulnerabilities, with several high-severity issues reported by external researchers. Below is a table summarizing the vulnerabilities:

| Severity | CVE ID | Description | Reward |
|----------|--------|-------------|--------|
| High | CVE-2024-7964 | Use after free in Passwords | $36,000 |
| High | CVE-2024-7965 | Inappropriate implementation in V8 | $11,000 |
| High | CVE-2024-7966 | Inappropriate implementation in Permissions | $10,000 |
| High | CVE-2024-7967 | Heap buffer overflow in Fonts | $7,000 |
| High | CVE-2024-7968 | Use after free in Autofill | $1,000 |
| High | CVE-2024-7971 | Type confusion in V8 | TBD |
| Medium | CVE-2024-7972 | Inappropriate implementation in V8 | $11,000 |
| Medium | CVE-2024-7973 | Heap buffer overflow in PDFium | $7,000 |
| Medium | CVE-2024-7974 | Insufficient data validation in V8 API | $3,000 |
| Medium | CVE-2024-7975 | Insufficient data validation in the Installer | $3,000 |
| Medium | CVE-2024-7976 | Inappropriate implementation in FedCM | $2,000 |
| Medium | CVE-2024-7977 | Insufficient policy enforcement in Data Transfer | $1,000 |
| Medium | CVE-2024-7978 | Inappropriate implementation in Views | $1,000 |
| Low | CVE-2024-7981 | Inappropriate implementation in WebApp Installs | $1,000 |
| Low | CVE-2024-8033 | Inappropriate implementation in WebApp Installs | $500 |
| Low | CVE-2024-8034 | Inappropriate implementation in Custom Tabs | $500 |

The discovery and active exploitation of CVE-2024-7965 highlight the importance of keeping software current.

Users are strongly advised to update to the latest version of Chrome to protect against potential threats.
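
For teams that need to confirm the update across many machines, the following is an added example (not part of the original article or any Google tooling) that classifies collected `--version` output against the fixed build 128.0.6613.84 named above. The hostnames and inventory entries are constructed sample data, and the threshold is assumed to apply only to desktop Chrome stable, not to other Chromium-based browsers.

```python
import re

# First fixed stable build named in the article (128.0.6613.84/.85).
FIXED_BUILD = (128, 0, 6613, 84)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from `--version` style output."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable output needs manual follow-up
    # Compare as integer tuples: a string compare would rank ".9" above ".84".
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_output in inventory.items():
        report[classify(version_output)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 128.0.6613.85",
    "ws-002": "Google Chrome 127.0.6533.120",
    "ws-003": "Google Chrome 128.0.6613.84 ",
    "ws-004": "Google Chrome 128.0.6613.36 beta",
    "ws-005": "chrome: command not found",
    "ws-006": "Google Chrome 129.0.6668.12 dev",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched, since a missing or renamed binary also produces unparseable output.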

Google’s commitment to security is evident in its collaboration with external researchers and the continuous improvement of its browser’s defenses.
