Cyber Security News

PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browser.

This vulnerability explicitly targets the V8 JavaScript engine and is exclusive to ARM64 architectures.

The release of this PoC has raised concerns within the cybersecurity community, highlighting a potential avenue for exploitation in widely used devices.

Details of CVE-2024-7965

CVE-2024-7965 is a vulnerability in the V8 JavaScript engine, a core component of the Chrome browser that executes JavaScript code.

The flaw is reportedly triggered only on devices using ARM64, which is prevalent in many modern smartphones and tablets.

Yuri Pazdnikov, a Junior Vulnerability Researcher at BI.ZONE, discovered the vulnerability and has been acknowledged for his findings.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

The PoC exploit released in the public domain demonstrates how an attacker could leverage this vulnerability to execute arbitrary code on affected devices.

According to the GitHub report, the release of the PoC exploit for CVE-2024-7965 underscores the urgency for users and organizations to stay vigilant and ensure their systems are updated.

While Google has not yet issued an official patch at the time of this writing, users are advised to monitor security updates from Google and apply them promptly once they become available.

Security experts recommend disabling JavaScript or using alternative browsers on ARM64 devices until a fix is released.

The discovery and public disclosure of this zero-day vulnerability serve as a reminder of the ever-evolving threat landscape in cybersecurity.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…

21 minutes ago

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…

39 minutes ago

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…

52 minutes ago

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

1 day ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 days ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

2 days ago