Google has revealed {that a} safety flaw that was patched as a part of a software program replace rolled out final week to its Chrome browser has come beneath energetic exploitation within the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug within the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome previous to 128.0.6613.84 allowed a distant attacker to probably exploit heap corruption through a crafted HTML web page,” in line with a description of the bug within the NIST Nationwide Vulnerability Database (NVD).
A safety researcher who goes by the web pseudonym TheDog has been credited with discovering and reporting the flaw on July 30, 2024, incomes them a bug bounty of $11,000.
Further specifics concerning the nature of the assaults exploiting the flaw or the identification of the risk actors which may be using it haven’t been launched. The tech large, nevertheless, acknowledged that it is conscious of the existence of an exploit for CVE-2024-7965.
It additionally stated, “within the wild exploitation of CVE-2024-7965 […] was reported after this launch.” That stated, it is presently not clear if the flaw was weaponized as a zero-day previous to its disclosure final week.
The Hacker Information has reached out to Google for additional details about the flaw, and we’ll replace the story if we hear again.
Google has to date addressed 9 zero-days in Chrome for the reason that begin of 2024, together with three that have been demonstrated at Pwn2Own 2024 –
Customers are extremely advisable to improve to Chrome model 128.0.6613.84/.85 for Home windows and macOS, and model 128.0.6613.84 for Linux to mitigate potential threats.