Google Confirmed A Now-Patched Chrome Vulnerability As Zero-Day

Soon after patching over three dozen vulnerabilities in Chrome, including a zero-day, Google has identified another of the patched vulnerabilities as a zero-day flaw. Users who have already updated their systems don’t need to do anything further, but those who haven’t must prioritize device updates.

Recent Google Chrome Update Also Patched A Now-Confirmed Zero-Day

Last week, Google patched 38 vulnerabilities in its Chrome browser, making the update one of the rarest in Chrome release history. Now, the same Chrome update is back in the news because Google has revised its advisory.

According to an update added to the Chrome release post for the 128.0.6613.84 stable release, the vulnerability CVE-2024-7965 is in fact a zero-day.

In the initial release, Google described this vulnerability as a high-severity inappropriate implementation issue affecting Chrome’s V8 JavaScript and WebAssembly engine. The tech giant credited the researcher with the alias “TheDog” for reporting the flaw, rewarding the effort with an $11,000 bounty. However, it didn’t describe the vulnerability in detail.

Although the tech giant has not shared any further details about this vulnerability, it confirmed the issue as a zero-day. According to the statement accompanying the update, Google learned about the active exploitation of this vulnerability after the patch release.

According to the vulnerability description for CVE-2024-7965, a remote adversary can exploit the flaw. It received a high severity rating and a CVSS score of 8.8.

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

For now, Google has not mentioned any such update in its Chrome release advisory for Android. However, since that advisory already stated that Chrome for Android 128.0.6613.88 ships all the security fixes from Chrome for Desktop 128.0.6613.84, it is likely that the recently discovered zero-day posed a similar threat to Android devices, too.

Therefore, all desktop and mobile users running the Chrome browser must patch their systems promptly. Although Google rolls out all updates to Chrome users automatically, it’s still wise to manually check for any system or browser updates to receive all patches on time.
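A fleet check for the fixed builds named above, as an added example that is not part of the original article: it parses Chrome version strings from inventory records and compares them numerically against 128.0.6613.84 (desktop) and 128.0.6613.88 (Android). The host names and sample versions are constructed, and the record layout is an assumption; entries that cannot be parsed are reported as unknown rather than treated as safe.

```python
import re

# Fixed builds for CVE-2024-7965 as stated in the article.
FIXED = {
    "desktop": (128, 0, 6613, 84),
    "android": (128, 0, 6613, 88),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text such as
    'Google Chrome 128.0.6613.84'. Returns a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one record."""
    fixed = FIXED.get(platform)
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # missing data is never reported as safe
    # Tuples compare component by component as integers, so build 9
    # sorts below build 84; a plain string comparison gets this wrong.
    return "patched" if version >= fixed else "vulnerable"


def audit(records):
    """Map host -> status for (host, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("wks-01", "desktop", "Google Chrome 128.0.6613.84"),
    ("wks-02", "desktop", "Google Chrome 127.0.6533.120 "),
    ("wks-03", "desktop", "Google Chrome 128.0.6613.9"),
    ("ph-01", "android", "128.0.6613.84"),
    ("ph-02", "android", "128.0.6613.88"),
    ("wks-04", "desktop", "chrome not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Note that `ph-01` is flagged even though it carries the desktop fix number, because the Android threshold is the later .88 build.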
