PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browser.

This vulnerability explicitly targets the V8 JavaScript engine and is exclusive to ARM64 architectures.

The release of this PoC has raised concerns within the cybersecurity community, highlighting a potential avenue for exploitation in widely used devices.

Details of CVE-2024-7965

CVE-2024-7965 is a vulnerability in the V8 JavaScript engine, a core component of the Chrome browser that executes JavaScript code.

The flaw is reportedly triggered only on devices using ARM64, which is prevalent in many modern smartphones and tablets.

Yuri Pazdnikov, a Junior Vulnerability Researcher at BI.ZONE, discovered the vulnerability and has been acknowledged for his findings.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

The PoC exploit released in the public domain demonstrates how an attacker could leverage this vulnerability to execute arbitrary code on affected devices.

According to the GitHub report, the release of the PoC exploit for CVE-2024-7965 underscores the urgency for users and organizations to stay vigilant and ensure their systems are updated.

While Google has not yet issued an official patch at the time of this writing, users are advised to monitor security updates from Google and apply them promptly once they become available.

Security experts recommend disabling JavaScript or using alternative browsers on ARM64 devices until a fix is released.

The discovery and public disclosure of this zero-day vulnerability serve as a reminder of the ever-evolving threat landscape in cybersecurity.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial