Chrome update fixes 38 security issues, including active vulnerability
Google released a Chrome update addressing 38 vulnerabilities, including a critical 0-day exploit (CVE-2024-7971). Users are urged to update immediately to mitigate risks across all platforms.
Google has released a security update for Google Chrome that addresses 38 unique security vulnerabilities, including a critical 0-day exploit identified as CVE-2024-7971, which is currently being exploited in the wild. Users are strongly encouraged to update their browsers promptly to mitigate potential risks. The update affects various platforms, including Windows, Mac, Linux, Android, and iOS, with specific version numbers provided for each. Among the fixed issues, seven are rated as high severity, while the exploited vulnerability relates to Type Confusion in the V8 JavaScript engine. Google has not disclosed further details about the exploit's prevalence or the nature of the attacks. This marks the ninth 0-day vulnerability reported in Chrome for the year 2024. Users can check for updates through the browser's menu or by navigating directly to the settings page. It is also noted that similar vulnerabilities may affect other Chromium-based browsers, and users should ensure those are updated as well.
- Google Chrome's latest update fixes 38 security issues, including a critical 0-day exploit.
- The exploited vulnerability, CVE-2024-7971, is related to the V8 JavaScript engine.
- Users are advised to update their browsers immediately to protect against potential attacks.
- The update includes high-severity fixes, with seven issues rated as high.
- Similar vulnerabilities may affect other Chromium-based browsers, necessitating updates for those as well.
Related
Chrome will now prompt some users to send passwords for suspicious files
Google is enhancing Chrome's malware detection by allowing users to upload password-protected files for scanning. A new notification system will categorize downloads as "suspicious" or "dangerous" to improve user awareness.
Google Says Sorry After Passwords Vanish for 15M Windows User
Google apologized for a bug that caused passwords to disappear for 15 million Chrome users. The issue lasted 18 hours, affecting 2% of users, and was resolved with a browser restart.
CVE-2024-40798 – an app may be able to read Safari's browsing history
CVE-2024-40798 is a newly identified vulnerability in Safari that may expose browsing history. It has been fixed in several Apple software updates and awaits analysis without a CVSS severity score.
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18
Apple will address a security vulnerability in Safari 18 affecting macOS Sequoia, Sonoma, and Ventura, blocking malicious requests to the IP address 0.0.0.0, with an update expected later this year.
0.0.0.0 Day: Exploiting Localhost APIs from the Browser
Oligo Security revealed the "0.0.0.0 Day" vulnerability affecting major web browsers, enabling malicious sites to exploit local services. Browser developers are working on updates to mitigate this risk.