heap corruption vulnerability in V8 prior to 128.0.6613.84
Key Information
- Vendor
- Status
- Chrome
- Vendor
- CVE Published:
- 21 August 2024
Badges
Summary
The vulnerability CVE-2024-7965 is a critical zero-day flaw in the V8 JavaScript engine in Google Chrome, with a severity rating of high. It has been actively exploited in the wild and allows attackers to potentially exploit heap corruption through a crafted HTML page. It affects versions of Chrome prior to 128.0.6613.84, and Google has released patches to address the issue. Users are strongly advised to update their browsers to protect against potential unauthorized access or execution of malicious code. Google has been swift in addressing several critical vulnerabilities in Chrome throughout 2024, emphasizing the importance of maintaining up-to-date software to protect against potential cyber threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-7965 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome < 128.0.6613.84
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Google Issues CVE-2024-7965 Alert due to security flaw in Chrome being actively exploited - CIO News
Google has disclosed that a security vulnerability addressed in a software update for its Chrome browser that was released last week is being actively
1 month ago
Google Fixes Chrome Zero-Day Vulnerability (CVE-2024-7965)
Google has patched the critical Chrome zero-day vulnerability CVE-2024-7965 to protect against active exploitation and other risks.
1 month ago
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google patches CVE-2024-7965, an actively exploited Chrome vulnerability, urging users to update for security.
1 month ago
EPSS Score
27% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐พ
Exploit exists.
Vulnerability started trending.
First article discovered by SecurityWeek
Vulnerability published.