The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux.
This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. However, a critical security vulnerability, CVE-2024-7965, has been discovered and actively exploited in the wild.
Details of the Vulnerability
CVE-2024-7965 is classified as a high-severity vulnerability involving inappropriate implementation in V8, Chrome’s JavaScript engine.
This flaw was reported by a researcher known as “TheDog” on July 30, 2024. Google has acknowledged the existence of exploits for this vulnerability in the wild, emphasizing the urgency of users updating their browsers.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial
The latest Chrome update addresses 37 security vulnerabilities, with several high-severity issues reported by external researchers. Below is a table summarizing the vulnerabilities:
| Severity | CVE ID | Description | Reward |
| High | CVE-2024-7964 | Use after free in Passwords | $36,000 |
| High | CVE-2024-7965 | Inappropriate implementation in V8 | $11,000 |
| High | CVE-2024-7966 | Inappropriate Implementation in Permissions | $10,000 |
| High | CVE-2024-7967 | Heap buffer overflow in Fonts | $7,000 |
| High | CVE-2024-7968 | Use after free in Autofill | $1,000 |
| High | CVE-2024-7971 | Type confusion in V8 | TBD |
| Medium | CVE-2024-7972 | Inappropriate implementation in V8 | $11,000 |
| Medium | CVE-2024-7973 | Heap buffer overflow in PDFium | $7,000 |
| Medium | CVE-2024-7974 | Insufficient data validation in V8 API | $3,000 |
| Medium | CVE-2024-7975 | Insufficient data validation in the Installer | $3,000 |
| Medium | CVE-2024-7976 | Inappropriate implementation in FedCM | $2,000 |
| Medium | CVE-2024-7977 | Insufficient Policy Enforcement in Data Transfer | $1,000 |
| Medium | CVE-2024-7978 | Inappropriate Implementation in Views | $1,000 |
| Low | CVE-2024-7981 | Inappropriate Implementation in WebApp Installs | $1,000 |
| Low | CVE-2024-8033 | Inappropriate implementation in WebApp Installs | $500 |
| Low | CVE-2024-8034 | Inappropriate implementation in Custom Tabs | $500 |
The discovery and active exploitation of CVE-2024-7965 highlight the importance of keeping software current.
Users are strongly advised to update to the latest version of Chrome to protect against potential threats.
Google’s commitment to security is evident in its collaboration with external researchers and the continuous improvement of its browser’s defenses.
Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial