Google has issued an emergency security update for Chrome, addressing a zero-day vulnerability that has been actively exploited in the wild.

In an advisory published on Wednesday, Google acknowledged the existence of an exploit for the vulnerability, identified as CVE-2024-7971.

This high-severity flaw stems from a type confusion issue in Chrome’s V8 JavaScript engine. The vulnerability was reported by security researchers from the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) on Monday.

Typically, such vulnerabilities allow attackers to trigger browser crashes by causing the engine to misinterpret data allocated in memory as a different type. However, they can also be leveraged for arbitrary code execution on unpatched devices.

Google has addressed the zero-day vulnerability by releasing Chrome versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Linux. These updates will be rolled out to all users in the Stable Desktop channel over the next few weeks.

Although Chrome typically updates automatically when security patches are available, users can expedite the process by navigating to the Chrome menu, selecting Help > About Google Chrome, allowing the update to complete, and clicking the ‘Relaunch’ button to install it.
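
For teams that need to confirm the fixed build across many machines, the following added example (not from Google or the original article) classifies reported Chrome versions against 128.0.6613.84. It assumes the Stable Desktop channel and a hypothetical `host,os,version` inventory export; the host names and sample rows are constructed.

```python
import re

# Minimum fixed Stable Desktop build named in the article (Windows/macOS also ship .85).
# Assumption: hosts are on the Stable Desktop channel; other channels are not covered.
FIXED_BUILD = (128, 0, 6613, 84)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Compare numerically: as strings, '128.0.6613.9' would sort after '.84'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(rows):
    """rows: 'host,os,version' lines (hypothetical format). Returns {status: [hosts]}."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in rows:
        fields = [field.strip() for field in row.split(",")]
        if len(fields) != 3:
            continue  # skip rows that do not match the assumed format
        host, _os, version = fields
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    "ws-001,windows,128.0.6613.85",
    "ws-002,windows,127.0.6533.120",
    "mac-001,macos,128.0.6613.84",
    "lin-001,linux,Google Chrome 128.0.6613.9",
    "lin-002,linux,129.0.6668.58",
    "kiosk-01,linux,not installed",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check, since a missing or unparseable version says nothing about patch status.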
