Heap Corruption Vulnerability in Chrome Prior to 128.0.6613.84

CVE-2024-7971
8.8HIGH

Key Information

Vendor
Google
Status
Chrome
Vendor
CVE Published:
21 August 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists📰 News Worthy

Summary

The vulnerability CVE-2024-7971 is a type confusion bug in the V8 JavaScript and WebAssembly engine in Google Chrome prior to version 128.0.6613.84. The vulnerability allows remote attackers to exploit heap corruption via a crafted HTML page, resulting in a high severity security flaw. Microsoft reported the flaw and it is actively being exploited in the wild. Google has patched the vulnerability and urged users to update immediately. This is the third type confusion bug in V8 that Google has patched this year, and it is one of nine zero-days in Chrome addressed since the beginning of 2024. Users are recommended to upgrade to the patched version of Chrome to mitigate potential threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-7971 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 128.0.6613.84

News Articles

favicon imageThe Hacker News

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.

1 month ago

favicon imageThe Cyber Express

North Korean Hackers Attack Chromium With FudModule Rootkit

A North Korean threat actor leveraged a zero-day vulnerability in Google's Chromium browser to deploy the FudModule rootkit to target cryptocurrency firms.

1 month ago

favicon image

Alleged Karakut ransomware scumbag charged in US

Infosec in brief Deniss Zolotarjovs, a suspected member of the Russian Karakurt ransomware gang, has been charged in a US court with allegedly conspiring to commit money laundering, wire fraud and Hobbs Act...

1 month ago

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit exists.

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by SecurityWeek

  • Vulnerability published.

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseGoogle Feed10 News Article(s)
.