News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild
The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux.
This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. However, a critical security vulnerability, CVE-2024-7965, has been discovered and actively exploited in the wild.
Details of the Vulnerability
CVE-2024-7965 is classified as a high-severity vulnerability involving inappropriate implementation in V8, Chrome’s JavaScript engine.
This flaw was reported by a researcher known as “TheDog” on July 30, 2024. Google has acknowledged the existence of exploits for this vulnerability in the wild, emphasizing the urgency of users updating their browsers.
Are You From SOC/DFIR Teams? – Try Advanced Malware and Phishing Analysis With ANY.RUN –14-day free trial
The latest Chrome update addresses 37 security vulnerabilities, with several high-severity issues reported by external researchers. Below is a table summarizing the vulnerabilities:
SeverityCVE IDDescriptionRewardHighCVE-2024-7964Use after free in Passwords$36,000HighCVE-2024-7965Inappropriate implementation in V8$11,000HighCVE-2024-7966Inappropriate Implementation in Permissions$10,000HighCVE-2024-7967Heap buffer overflow in Fonts$7,000HighCVE-2024-7968Use after free in Autofill$1,000HighCVE-2024-7971Type confusion in V8TBDMediumCVE-2024-7972Inappropriate implementation in V8$11,000MediumCVE-2024-7973Heap buffer overflow in PDFium$7,000MediumCVE-2024-7974Insufficient data validation in V8 API$3,000MediumCVE-2024-7975Insufficient data validation in the Installer$3,000MediumCVE-2024-7976Inappropriate implementation in FedCM$2,000MediumCVE-2024-7977Insufficient Policy Enforcement in Data Transfer$1,000MediumCVE-2024-7978Inappropriate Implementation in Views$1,000LowCVE-2024-7981Inappropriate Implementation in WebApp Installs$1,000LowCVE-2024-8033Inappropriate implementation in WebApp Installs$500LowCVE-2024-8034Inappropriate implementation in Custom Tabs$500
The discovery and active exploitation of CVE-2024-7965 highlight the importance of keeping software current.
Users are strongly advised to update to the latest version of Chrome to protect against potential threats.
Google’s commitment to security is evident in its collaboration with external researchers and the continuous improvement of its browser’s defenses.
Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial
The post News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
About The Author
