Saturday, September 7, 2024
Homecyber securityNews Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild

News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild

Published on

The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux.

This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. However, a critical security vulnerability, CVE-2024-7965, has been discovered and actively exploited in the wild.

Details of the Vulnerability

CVE-2024-7965 is classified as a high-severity vulnerability involving inappropriate implementation in V8, Chrome’s JavaScript engine.

- Advertisement - EHA

This flaw was reported by a researcher known as “TheDog” on July 30, 2024. Google has acknowledged the existence of exploits for this vulnerability in the wild, emphasizing the urgency of users updating their browsers.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

The latest Chrome update addresses 37 security vulnerabilities, with several high-severity issues reported by external researchers. Below is a table summarizing the vulnerabilities:

SeverityCVE IDDescriptionReward
HighCVE-2024-7964Use after free in Passwords$36,000
HighCVE-2024-7965Inappropriate implementation in V8$11,000
HighCVE-2024-7966Inappropriate Implementation in Permissions$10,000
HighCVE-2024-7967Heap buffer overflow in Fonts$7,000
HighCVE-2024-7968Use after free in Autofill$1,000
HighCVE-2024-7971Type confusion in V8TBD
MediumCVE-2024-7972Inappropriate implementation in V8$11,000
MediumCVE-2024-7973Heap buffer overflow in PDFium$7,000
MediumCVE-2024-7974Insufficient data validation in V8 API$3,000
MediumCVE-2024-7975Insufficient data validation in the Installer$3,000
MediumCVE-2024-7976Inappropriate implementation in FedCM$2,000
MediumCVE-2024-7977Insufficient Policy Enforcement in Data Transfer$1,000
MediumCVE-2024-7978Inappropriate Implementation in Views$1,000
LowCVE-2024-7981Inappropriate Implementation in WebApp Installs$1,000
LowCVE-2024-8033Inappropriate implementation in WebApp Installs$500
LowCVE-2024-8034Inappropriate implementation in Custom Tabs$500

The discovery and active exploitation of CVE-2024-7965 highlight the importance of keeping software current.

Users are strongly advised to update to the latest version of Chrome to protect against potential threats.

Google’s commitment to security is evident in its collaboration with external researchers and the continuous improvement of its browser’s defenses.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...