Heap Corruption Vulnerability in Chrome Prior to 128.0.6613.84
Key Information
- Chrome
- CVE Published: 21 August 2024
Summary
CVE-2024-7971 is a type confusion bug in the V8 JavaScript and WebAssembly engine in Google Chrome prior to version 128.0.6613.84. It allows a remote attacker to exploit heap corruption via a crafted HTML page and is rated high severity. Microsoft reported the flaw, and it is actively being exploited in the wild. Google has patched the vulnerability and urged users to update immediately. This is the third type confusion bug in V8 that Google has patched this year, and it is one of nine zero-days in Chrome addressed since the beginning of 2024. Users should upgrade to the patched version of Chrome to mitigate potential threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-7971 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome < 128.0.6613.84
News Articles
Google Chrome Attacks—CISA Tells Users To Update By September 16
U.S. government suddenly issues an emergency update warning for Chrome users.
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
North Korean hackers exploited a Google Chrome zero-day flaw to deliver the FudModule rootkit, targeting cryptocurrency platforms.
North Korean Hackers Attack Chromium With FudModule Rootkit
A North Korean threat actor leveraged a zero-day vulnerability in Google's Chromium browser to deploy the FudModule rootkit to target cryptocurrency firms.
Timeline
- Exploit exists.
- Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- First article discovered by SecurityWeek.
- Vulnerability published.