Security News Google Chrome Hit by Yet Another Zero-Day Exploit, Update Now

lokamoka820

Level 20
Thread author
Mar 1, 2024
953
Here we go again. Google Chrome is pushing an emergency update to patch an actively-exploited zero-day vulnerability. You should install the update immediately, as failure to do so will leave your system exposed to a high-severity attack.

The vulnerability in question—CVE-2024-7971—extends from a type confusion flaw in Chrome's V8 JavaScript engine. Malicious actors are actively exploiting this flaw to leverage arbitrary code execution on targeted Windows, macOS, and Linux devices, according to Google. The bug may also exist in "a third-party library" utilized by other apps, though this hasn't been confirmed.

Researchers at the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) discovered and reported CVE-2024-7971 on August 19th. Predictably, Microsoft and Google have kept the "bug details" close to their chest. We won't know the full story behind this flaw until a majority of Chrome users have installed Google's patch. It could be an especially long wait if the flaw exists in third-party JavaScript libraries.

This is the ninth Chrome zero-day to be patched by Google in 2024. While the large number of zero-day disclosures is somewhat concerning, we should be careful to avoid survivorship bias. Increased zero-day identification could extend from poor security practices at Google, but the simpler and more reasonable explanation is that White Hat efforts have grown more effective.

Note that Chrome's emergency update contains a total of 38 security fixes, including some of a very low severity. You can view the full list at Google's Chrome Releases blog.

The patch for CVE-2024-7971 is included in Google Chrome versions 128.0.6613.84 (Windows and Linux) and 128.0.6613.85 (macOS). To check your current Chrome version, go to Settings, enter "Help," and navigate to "About Google Chrome." You'll see an option to manually update Chrome if the update hasn't been installed on your system.

 

jamey910111

Level 2
Jun 7, 2024
87
Seems like Sidekick is the most behind...like 6 months???! 122.60.1.40405 - they are the most buttery smooth i've tested but now i reconsider... their last update is from May ); What's new (version history) | Sidekick Help Center
vivaldi is like 2 months behind...126.0.6478.119 Improved browser features for desktop and Vivaldi Mail 2.0 amped up with new functionalities | Vivaldi Browser
arc just released an update today - 128.0.6613.85 @ https://resources.arc.net/hc/en-us/articles/22513842649623-Arc-for-Windows-2023-2024-Release-Notes
thorium 2 weeks ago - 126.0.6478.231
Brave just relased upate today too (security ones too) - Brave Release Notes | Brave - seems brave and i guess vivaldi are on top of their games as they are both at 128.0.6613.85
Catsxp is also on par with the latest uodates from today: https://www.catsxp.com/

Time to get rid of sidekick? I'll contact them though....
I think I'll just follow the guide here on MT to debloat brave and use it...only reason i left braave was cause it had/has become bloatware. Or maybe a Brave fork if they are less bloated than brave.
 
Last edited:

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Seems like Sidekick is the most behind...like 6 months???! 122.60.1.40405 - they are the most buttery smooth i've tested but now i reconsider... their last update is from May ); What's new (version history) | Sidekick Help Center
vivaldi is like 2 months behind...126.0.6478.119 Improved browser features for desktop and Vivaldi Mail 2.0 amped up with new functionalities | Vivaldi Browser
arc just released an update today - 128.0.6613.85 @ https://resources.arc.net/hc/en-us/articles/22513842649623-Arc-for-Windows-2023-2024-Release-Notes
thorium 2 weeks ago - 126.0.6478.231
Brave just relased upate today too (security ones too) - Brave Release Notes | Brave - seems brave and i guess vivaldi are on top of their games as they are both at 128.0.6613.85
Catsxp is also on par with the latest uodates from today: https://www.catsxp.com/

Time to get rid of sidekick? I'll contact them though....
I think I'll just follow the guide here on MT to debloat brave and use it...only reason i left braave was cause it had/has become bloatware. Or maybe a Brave fork if they are less bloated than brave.
Please let us know what Sidekick support says about this.


Regarding Brave, I gave up on it. It is too bloated for my liking. I know I can disable the features I don't need, but there is no way I'd trust a browser with crypto nonsense.
 

jamey910111

Level 2
Jun 7, 2024
87
Sidekick finally did an update, but i have no diea what it includes, it says "August 2024" so i am not sure when in august, as there were two 0day patches for chrome. in any case i will not be going back to them. I have ditched them. What's new (version history) | Sidekick Help Center

1724988266707.png


Edit: though above it says "Written by Sidekick Updated yesterday" - it still doesn't explain exactly what was updated...what version of chromium - i doublt but do not know if the more recent security vulenrabilities were patched, probably the ones before.
 
  • Like
Reactions: Divine_Barakah

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Sidekick finally did an update, but i have no diea what it includes, it says "August 2024" so i am not sure when in august, as there were two 0day patches for chrome. in any case i will not be going back to them. I have ditched them. What's new (version history) | Sidekick Help Center

View attachment 285215

Edit: though above it says "Written by Sidekick Updated yesterday" - it still doesn't explain exactly what was updated...what version of chromium - i doublt but do not know if the more recent security vulenrabilities were patched, probably the ones before.
The problem with their release notes is that they do not mention what version of Chromium they updated to. If they shared that piece of info, it would have been much easier to know what was fixed, but this is not the case. I ditched Sidekick.
 
  • Like
Reactions: jamey910111

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top