Chrome Zero-day Vulnerability Actively Exploited in the Wild

Google has announced the release of Chrome 128 to the stable channel for Windows, Mac, and Linux.

This update, Chrome 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac addresses a critical zero-day vulnerability actively exploited in the wild.

The update includes 38 security fixes, with particular attention to those contributed by external researchers.

Details of the Zero-Day Vulnerability

The Chrome team has been working diligently to address a zero-day vulnerability that has been actively exploited.

The vulnerability, CVE-2024-7971, involves type confusion in V8, Chrome’s open-source JavaScript engine.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) reported this flaw on August 19, 2024.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

While the specific details of the exploit remain restricted to protect users, the fix’s urgency underscores the vulnerability’s potential severity.

The Chrome team has emphasized that access to bug details and links will remain restricted until most users have updated their browsers.

This precaution ensures that users are protected before the vulnerability details are public, preventing further exploitation.

In addition to the zero-day vulnerability, the Chrome 128 update includes a wide range of security fixes.

Below is a table summarizing the key vulnerabilities addressed in this update:

BountyCVE IDSeverityDescriptionReported On
$36,000CVE-2024-7964HighUse after free in Passwords2024-08-08
$11,000CVE-2024-7965HighInappropriate implementation in V82024-07-30
$10,000CVE-2024-7966HighInappropriate Implementation in Permissions2024-07-25
$7,000CVE-2024-7967HighHeap buffer overflow in Fonts2024-07-27
$1,000CVE-2024-7968HighUse after free in Autofill2024-06-25
TBDCVE-2024-7969HighType Confusion in V82024-07-09
TBDCVE-2024-7971HighType confusion in V82024-08-19
$11,000CVE-2024-7972MediumInappropriate implementation in V82024-06-10
$7,000CVE-2024-7973MediumHeap buffer overflow in PDFium2024-06-06
$3,000CVE-2024-7974MediumInsufficient data validation in V8 API2024-05-07
$3,000CVE-2024-7975MediumInsufficient data validation in the Installer2024-06-16
$2,000CVE-2024-7976MediumInappropriate implementation in FedCM2024-05-10
$1,000CVE-2024-7977MediumInsufficient Policy Enforcement in Data Transfer2024-02-11
$1,000CVE-2024-7978MediumInsufficient data validation in the Installer2022-07-21
TBDCVE-2024-7979MediumInsufficient data validation in the Installer2024-07-29
TBDCVE-2024-7980MediumInappropriate Implementation in Views2024-07-30
$1,000CVE-2024-7981LowInappropriate Implementation in WebApp Installs2023-07-14
$500CVE-2024-8033LowInappropriate implementation in WebApp Installs2024-06-30
$500CVE-2024-8034LowInappropriate implementation in Custom Tabs2024-07-18
TBDCVE-2024-8035LowInappropriate implementation in Extensions2022-04-26

The Chrome team is committed to ensuring user safety and has expressed gratitude to the security researchers who contributed to these fixes.

Users are strongly encouraged to update their browsers to the latest version to protect against these vulnerabilities.

Google also plans to release more information about new features and major efforts in upcoming blog posts for Chrome and Chromium.

As cyber threats evolve, timely updates and collaboration with the security community remain crucial in safeguarding users worldwide.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and their…

2 hours ago

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…

15 hours ago

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…

19 hours ago

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…

19 hours ago

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…

20 hours ago

Metasploit Framework Released with New Features

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…

22 hours ago