The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux.
This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. Among them is a fix for CVE-2024-7965, a critical security vulnerability that has been actively exploited in the wild.
CVE-2024-7965 is classified as a high-severity vulnerability involving inappropriate implementation in V8, Chrome’s JavaScript engine.
This flaw was reported by a researcher known as “TheDog” on July 30, 2024. Google has acknowledged the existence of exploits for this vulnerability in the wild, emphasizing the urgency of users updating their browsers.
The latest Chrome update addresses 37 security vulnerabilities, with several high-severity issues reported by external researchers. Below is a table summarizing the vulnerabilities:
| Severity | CVE ID | Description | Reward |
|---|---|---|---|
| High | CVE-2024-7964 | Use after free in Passwords | $36,000 |
| High | CVE-2024-7965 | Inappropriate implementation in V8 | $11,000 |
| High | CVE-2024-7966 | Inappropriate Implementation in Permissions | $10,000 |
| High | CVE-2024-7967 | Heap buffer overflow in Fonts | $7,000 |
| High | CVE-2024-7968 | Use after free in Autofill | $1,000 |
| High | CVE-2024-7971 | Type confusion in V8 | TBD |
| Medium | CVE-2024-7972 | Inappropriate implementation in V8 | $11,000 |
| Medium | CVE-2024-7973 | Heap buffer overflow in PDFium | $7,000 |
| Medium | CVE-2024-7974 | Insufficient data validation in V8 API | $3,000 |
| Medium | CVE-2024-7975 | Insufficient data validation in the Installer | $3,000 |
| Medium | CVE-2024-7976 | Inappropriate implementation in FedCM | $2,000 |
| Medium | CVE-2024-7977 | Insufficient Policy Enforcement in Data Transfer | $1,000 |
| Medium | CVE-2024-7978 | Inappropriate Implementation in Views | $1,000 |
| Low | CVE-2024-7981 | Inappropriate Implementation in WebApp Installs | $1,000 |
| Low | CVE-2024-8033 | Inappropriate implementation in WebApp Installs | $500 |
| Low | CVE-2024-8034 | Inappropriate implementation in Custom Tabs | $500 |
The discovery and active exploitation of CVE-2024-7965 highlight the importance of keeping software current.
Users are strongly advised to update to the latest version of Chrome to protect against potential threats.
Google’s commitment to security is evident in its collaboration with external researchers and the continuous improvement of its browser’s defenses.