In an ongoing battle against security exploits, Google has patched the tenth zero-day vulnerability in Chrome this year. The flaw resides in the V8 JavaScript engine and has been tagged as CVE-2024-7965. It permits remote attackers to cause heap corruption through a crafted HTML page.
Handling Another Vulnerability
A security researcher known as TheDog reported CVE-2024-7965. The issue stems from improper handling within the V8 JavaScript engine, leading to potential heap corruption. Such vulnerabilities can be leveraged to access sensitive information without authorization.
The patch has been integrated into Chrome version 128.0.6613.84/.85 for Windows and macOS, along with version 128.0.6613.84 for Linux. These updates are rolling out to all users on the Stable Desktop channel. Users can update their browsers by going to the Chrome menu, selecting Help, and then navigating to About Google Chrome. The update completes once the 'Relaunch' button is clicked.
Other Vulnerabilities in 2024
Aside from CVE-2024-7965, Google has also patched nine additional zero-day vulnerabilities throughout the year. These patches cover issues like CVE-2024-7971, another severe flaw in the V8 engine, and vulnerabilities reported during the Pwn2Own contest. Among these are CVE-2024-0519, CVE-2024-2887, and CVE-2024-4671, which involve out-of-bounds memory access, type confusion, and use-after-free bugs.
Google has communicated that it will restrict access to bug details and links until most users have updated their browsers. Restrictions will remain in place when the bug affects third-party libraries that haven't yet been patched by other projects. For further details, users can refer to Google's official blog post and the linked National Vulnerability Database (NVD) entry for each CVE.