heap corruption vulnerability in V8 prior to 128.0.6613.84

CVE-2024-7965
8.8HIGH

Key Information

Vendor
Google
Status
Chrome
Vendor
CVE Published:
21 August 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-7965 is a critical zero-day flaw in the V8 JavaScript engine in Google Chrome, with a severity rating of high. It has been actively exploited in the wild and allows attackers to potentially exploit heap corruption through a crafted HTML page. It affects versions of Chrome prior to 128.0.6613.84, and Google has released patches to address the issue. Users are strongly advised to update their browsers to protect against potential unauthorized access or execution of malicious code. Google has been swift in addressing several critical vulnerabilities in Chrome throughout 2024, emphasizing the importance of maintaining up-to-date software to protect against potential cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-7965 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 128.0.6613.84

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7965
Created by bi-zone

News Articles

favicon imageBad Sector Labs Blog

Last Week in Security (LWiS) - 2024-09-23

0-click macOS RCE (@Turmio_), sudo iptables LPE (@suidpit + @smaury92), SkeletonCookie ☠️🍪 (@buffaloverflow), and more! Last Week in Security is a summary of the interesting cybersecurity news, techniques,...

1 month ago

favicon imageGBHackers

PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability

A PoC exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google's Chrome browser.

2 months ago

favicon imageForbes

Google Chrome Attacks—CISA Tells Users To Update By September 16

U.S. government suddenly issues an emergency update warning for Chrome users.

3 months ago

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • Vulnerability started trending.

  • First article discovered by SecurityWeek

  • Vulnerability published.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseGoogle Feed1 Proof of Concept(s)8 News Article(s)
.