Google announced that it has patched the tenth zero-day vulnerability of 2024, which was actively exploited in the wild.
The high-severity flaw, tracked as CVE-2024-7965, was discovered by a security researcher known as “TheDog.” The vulnerability, in Google Chrome’s V8 JavaScript engine, could allow remote attackers to exploit heap corruption via a specially crafted HTML page.
The vulnerability was detailed in an update to a Google blog post that initially disclosed another zero-day flaw, CVE-2024-7971, which was caused by a type confusion issue in the same V8 engine. Google noted in the update that they are aware of exploits for both CVE-2024-7965 and CVE-2024-7971 being used in the wild.
Google has addressed these vulnerabilities in Chrome version 128.0.6613.84/.85, which has been deployed to users across Windows, macOS, and Linux platforms in the Stable Desktop channel. The updates have been rolling out since last Wednesday, ensuring users are protected from these critical threats.
While Chrome generally updates automatically, users can manually apply the latest updates by navigating to the Chrome menu, selecting “Help,” then “About Google Chrome,” and following the on-screen instructions to complete the update and relaunch the browser.
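For administrators checking many machines rather than one browser, the following added example (not from Google or the original article) audits an inventory export against the fixed build 128.0.6613.84 named above. The `host,version` line format, the function names and the sample hosts are assumptions made for illustration, and the comparison applies only to Chrome Stable Desktop version numbers.

```python
import re

# Fixed Stable Desktop build named in the article (128.0.6613.84/.85).
FIXED_BUILD = (128, 0, 6613, 84)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return a 4-tuple of ints for a MAJOR.MINOR.BUILD.PATCH string, else None."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines):
    """Classify 'host,version' lines (assumed format) as patched, outdated or unparsed."""
    report = {"patched": [], "outdated": [], "unparsed": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        version = parse_chrome_version(raw)
        if version is None:
            # Never treat an unreadable version as safe; surface it for follow-up.
            report["unparsed"].append(host.strip())
        elif version >= FIXED_BUILD:
            # Tuple comparison is numeric per component, unlike string comparison.
            report["patched"].append(host.strip())
        else:
            report["outdated"].append(host.strip())
    return report


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    "# host,chrome_version",
    "ws-001,128.0.6613.85",
    "ws-002,128.0.6613.84",
    "ws-003,127.0.6533.120",
    "ws-004,128.0.6613.9",   # lower than .84 numerically, higher as a plain string
    "ws-005,unknown",
    "ws-006,129.0.6668.58",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The `ws-004` entry shows why the version must be compared numerically: a plain string comparison would rank `128.0.6613.9` above `128.0.6613.84` and report an unpatched host as fixed.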
Google has not yet provided detailed information on the attacks exploiting these vulnerabilities. According to the company, access to detailed bug information will remain restricted until a significant number of users have applied the fixes.
Google also mentioned that restrictions might remain if the vulnerabilities affect third-party libraries that other projects depend on but have not yet been patched.
Bijay Pokharel