Google tags a tenth Chrome zero-day as exploited this year
Google patched its tenth Chrome zero-day vulnerability of 2024, a flaw that allowed remote exploitation via crafted HTML. Users should update their browsers to the latest version for protection.
Google has identified and patched its tenth zero-day vulnerability in Chrome for 2024, tracked as CVE-2024-7965. This high-severity flaw, reported by a researcher known as TheDog, is linked to a bug in the compiler backend affecting just-in-time (JIT) compilation. Described as an inappropriate implementation in Chrome's V8 JavaScript engine, it allows remote attackers to exploit heap corruption through a specially crafted HTML page. Google also noted that exploits for another vulnerability, CVE-2024-7971, are present in the wild. Both vulnerabilities have been addressed in Chrome version 128.0.6613.84/.85 for various operating systems. Users are encouraged to manually update their browsers to ensure they are protected.
Since the beginning of the year, Google has patched several other zero-day vulnerabilities, primarily affecting the V8 JavaScript engine and related components, which could lead to remote code execution and unauthorized access to sensitive information. Google has withheld detailed information about the attacks to protect users until a majority have updated their systems.
- Google has patched its tenth zero-day vulnerability in Chrome for 2024.
- The vulnerability allows remote exploitation via crafted HTML pages.
- Users are advised to update their Chrome browsers to the latest version.
- Google has patched a total of ten zero-day vulnerabilities this year.
- Detailed information about the attacks is restricted until most users are updated.
Related
Chrome will now prompt some users to send passwords for suspicious files
Google is enhancing Chrome's malware detection by allowing users to upload password-protected files for scanning. A new notification system will categorize downloads as "suspicious" or "dangerous" to improve user awareness.
Google Says Sorry After Passwords Vanish for 15M Windows Users
Google apologized for a bug that caused passwords to disappear for 15 million Chrome users. The issue lasted 18 hours, affecting 2% of users, and was resolved with a browser restart.
0.0.0.0 Day: Exploiting Localhost APIs from the Browser
Oligo Security revealed the "0.0.0.0 Day" vulnerability affecting major web browsers, enabling malicious sites to exploit local services. Browser developers are working on updates to mitigate this risk.
Google patches Quick Share for Windows to shut malware hole
Google patched multiple vulnerabilities in its Quick Share application for Windows, discovered by SafeBreach, which could allow remote code execution. Ten flaws were identified, including denial of service and authorization bypass.
Chrome update fixes 38 security issues, including active vulnerability
Google released a Chrome update addressing 38 vulnerabilities, including a critical 0-day exploit (CVE-2024-7971). Users are urged to update immediately to mitigate risks across all platforms.