Google Patched A Chrome Zero-Day With Multiple Vulnerabilities

Google Chrome users should update to the latest browser release immediately, as the tech giant has patched numerous security vulnerabilities. Alongside other flaws, Google also patched a Chrome zero-day and confirmed active exploitation of the flaw.

Google Chrome Latest Release Patched A Zero-Day and Other Flaws

According to a recent Chrome release blog post, Google has addressed 38 different security vulnerabilities in its Chrome browser, including a zero-day. This huge number of security fixes is rather unusual for Google Chrome, making this update significant for all users.

Specifically, 20 of the 38 vulnerabilities were reported by external security researchers, with the rest being reported by Google’s team. These include 7 high-severity vulnerabilities, 9 medium-severity issues, and 4 low-severity security flaws.

In keeping with its usual practice, the tech giant did not share details about the flaws, but the advisory briefly described the type of each vulnerability and acknowledged the researchers. Some of these vulnerabilities earned the researchers hefty bug bounties; below, we list a few of them.

  • CVE-2024-7964 (high severity): A use-after-free vulnerability in Passwords. Google rewarded the anonymous researcher with a $36000 bounty for reporting this flaw.
  • CVE-2024-7965 (high severity): An inappropriate implementation in the V8 component, which earned the researcher with the alias “TheDog” an $11000 bounty for reporting the flaw.
  • CVE-2024-7966 (high severity): An out-of-bounds memory access in Skia, which caught the attention of security researcher Renan Rios. Google awarded a $10000 bounty to Rios for this bug report.
  • CVE-2024-7972 (medium severity): Another inappropriate implementation in V8, reported by the researcher Simon Gerst, who received an $11000 bounty.

The most noteworthy of the security vulnerabilities addressed with this Chrome update is the zero-day flaw. Identified as CVE-2024-7971, Google described it as a high-severity type confusion vulnerability in V8. While withholding major details, the tech giant confirmed that it detected active exploitation attempts for this flaw in the wild. Google credited the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) for reporting this vulnerability.

Google rolled out all these security fixes with the Chrome for Desktop release, version 128.0.6613.84 (Linux) and 128.0.6613.84/.85 (Windows, Mac). Moreover, the tech giant also released these security patches with Chrome 128 (128.0.6613.88) for Android. Thus, all desktop and Android users running Chrome browsers must promptly update their devices to avoid potential threats.
