HomeWinBuzzer NewsGoogle Addresses Tenth Zero-Day in Chrome This Year

Google Addresses Tenth Zero-Day in Chrome This Year

Google has patched CVE-2024-7965 in Chrome. The flaw in the V8 JavaScript engine allows remote attackers to exploit heap corruption.

-

In an ongoing battle against security exploits, has patched the tenth zero-day vulnerability in Chrome this year. The flaw resides in the V8 JavaScript engine and has been tagged as CVE-2024-7965. It permits remote attackers to cause heap corruption by manipulating an HTML page.

Handling Another Vulnerability

The dog, a security researcher, reported CVE-2024-7965. The issue stems from improper handling within the V8 JavaScript engine, leading to potential heap corruption. Such vulnerabilities can be leveraged to access sensitive information without authorization.

The patch has been integrated into Chrome version 128.0.6613.84/.85 for Windows and macOS, along with version 128.0.6613.84 for Linux. These updates are rolling out to all users on the Stable Desktop channel. Users can update their browsers by going to the menu, selecting Help, and then navigating to About . The update completes once the ‘Relaunch' button is clicked.

Other Vulnerabilities in 2024

Aside from CVE-2024-7965, Google has also patched nine additional zero-day vulnerabilities throughout the year. These patches cover issues like CVE-2024-7971, another severe flaw in the V8 engine, and vulnerabilities reported during the Pwn2Own contest. Among these are CVE-2024-0519, CVE-2024-2887, and CVE-2024-4671, which involve out-of-bounds memory access, type confusion, and use-after-free bugs.

Google has communicated that it will restrict access to bug details and links until most users have updated their browsers. Restrictions will remain in place when the bug affects third-party libraries that haven't yet been patched by other projects. For further details, users can refer to Google's official blog post and the respective linked National Vulnerability Database (NVD) entries for each CVE.

Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

Mastodon