• September 9, 2024

Did you know your browser could be a gateway for
cyberattacks?
Google recently issued a warning about a significant
vulnerability in Chrome that’s being actively exploited in the wild. This comes
just days after the release of Chrome version 128, which addressed a previous
zero-day vulnerability.

The newly identified issue, tracked as CVE-2024-7965, has a
high CVSS score of 8.8, indicating its severity. The vulnerability is an
inappropriate implementation in the V8 JavaScript engine. This
flaw allows remote attackers to exploit heap corruption through carefully
crafted HTML pages. In simpler terms, visiting a compromised or malicious
website could enable attackers to execute harmful code or gain access to your
sensitive information.

What makes this situation even more concerning is that
Google confirmed the exploitation of this vulnerability only after releasing
the browser update. However, it’s unclear whether this flaw was initially
exploited as a zero-day, meaning it might have been used by attackers before
the public was aware of it.

Chrome versions before 128.0.6613.84 are affected by this
vulnerability. This latest update also addressed 37 other security issues,
including another serious flaw, CVE-2024-7971, a type confusion bug in V8,
which has been confirmed as a zero-day vulnerability.

The US Cybersecurity and Infrastructure Security Agency
(CISA) has also taken action. They added CVE-2024-7971 to their Known Exploited
Vulnerabilities (KEV) catalog, emphasizing that the flaw could impact other web
browsers based on Chromium, such as Microsoft Edge and Opera. While CISA hasn’t
provided specific details on the attacks observed, they warned that these types
of vulnerabilities are frequently targeted by cybercriminals and pose
significant risks, especially to federal systems.

Federal agencies are now racing against time. They have
until September 16 to identify and patch vulnerable systems, as required by the
Binding Operational Directive (BOD) 22-01. Although this directive specifically
targets federal organizations, it’s crucial for all businesses and individuals
to prioritize these patches. Ignoring these updates leaves your systems exposed
to potential attacks.

So, what can you do? Ensure your Chrome browser is updated
to the latest version, and if you’re using other Chromium-based browsers, keep
them up to date as well. Cyber threats evolve quickly, and staying vigilant
with updates is one of the easiest and most effective ways to protect yourself.

Are your systems secure? Don’t wait
until it’s too late. Contact Cyber Safe Business today to assess your
organization’s cybersecurity readiness and safeguard your digital assets. Let’s
ensure your defenses are up to date and strong against the latest threats.
