Skip to main content

Google Releases Security Updates for Chrome

Security update includes two exploited high severity vulnerabilities in Google Chrome

Threat ID:
CC-4539
Threat Severity:
Medium
Published:
22 August 2024 3:12 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update includes two exploited high severity vulnerabilities in Google Chrome

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 128.0.6613.84/.85

Google Chrome

Threat details

Introduction

Google has released Chrome version 128.0.6613.84/.85 for Linux, Windows, and Mac. Of note, two high severity vulnerabilities are reported as exploited in the wild, which are outlined below.

  • CVE-2024-7971 - A remote attacker could exploit this type confusion vulnerability in V8, via a specially crafted HTML page. 
  • CVE-2024-7965 - A remote attacker could exploit this heap corruption vulnerability in V8 via a specially crafted HTML page

The update also addresses an additional five high, nine medium, and four low severity vulnerabilities.

Exploitation of CVE-2024-7971 and CVE-2024-7965

Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild.

Threat updates

Date Update
28 Aug 2024 Exploitation of CVE-2024-7965 reported in advisory update

Remediation advice

Affected organisations are encouraged to review the Chrome Release 128.0.6613.84/.85 Stable Channel advisory and apply the update for the latest release.

Last edited: 28 August 2024 2:16 pm