heap corruption vulnerability in V8 prior to 128.0.6613.84

CVE-2024-7965

8.8HIGH

Key Information

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 21 August 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The vulnerability CVE-2024-7965 is a critical zero-day flaw in the V8 JavaScript engine in Google Chrome, with a severity rating of high. It has been actively exploited in the wild and allows attackers to potentially exploit heap corruption through a crafted HTML page. It affects versions of Chrome prior to 128.0.6613.84, and Google has released patches to address the issue. Users are strongly advised to update their browsers to protect against potential unauthorized access or execution of malicious code. Google has been swift in addressing several critical vulnerabilities in Chrome throughout 2024, emphasizing the importance of maintaining up-to-date software to protect against potential cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-7965 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 128.0.6613.84

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7965
Created by bi-zone

News Articles

cionews.co.in

CVE-2024-7965

Google Issues CVE-2024-7965 Alert due to security flaw in Chrome being actively exploited - CIO News

Google has disclosed that a security vulnerability addressed in a software update for its Chrome browser that was released last week is being actively

1 month ago