Google has announced that it has patched the tenth zero-day vulnerability in its Chrome browser this year. A bug in the compiler backend of the V8 JavaScript engine caused the latest vulnerability, letting remote attackers exploit heap corruption from a crafted HTML page.
This latest zero-day vulnerability was tracked as CVE-2024-7965 and was reported by a security researcher known only as TheDog on July 30, 2024. Google has fixed the vulnerability in Chrome version 128.0.6613.84/.85 for Windows and macOS systems and version 128.0.6613.84 for Linux users. The update has been rolling out to all users on the Stable Desktop channel since Wednesday.
The last vulnerability, CVE-2024-7971, is also caused by a V8-type confusion weakness. Google has fixed both vulnerabilities in the same Chrome update. Both have been given a score of 8.8, which is high. While Google has confirmed that both vulnerabilities have been exploited in the wild, it hasn’t shared more information regarding these attacks. The company has stated that it may keep details and links restricted until a majority of users are updated with a fix.
While you can wait for your browser to update automatically, it’s always a good idea to check for updates yourself. To manually update, click the three dots at the top right of your Chrome browser. Then click Help > About Google Chrome. If you see a button labeled “Update Google Chrome,” then an update is available; otherwise, you already have the most recent version of Chrome. If you update, make sure to completely close your browser and relaunch again.
This is the tenth zero-day vulnerability in Chrome that Google has patched this year. Other vulnerabilities that have been exploited include CVE-2024-0519, CVE-2024-2887, CVE-2024-2886, CVE-2024-3159, CVE-2024-4671, CVE-2024-4761, CVE-2024-4947, and CVE-2024-5274. As a result of each of these, Google has made sure to ask users to update their Chrome browsers to the latest version to protect themselves from these vulnerabilities.
Source: BleepingComputer
