Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
News
Security News
Google Chrome Hit by Yet Another Zero-Day Exploit, Update Now
Message
<blockquote data-quote="lokamoka820" data-source="post: 1098758" data-attributes="member: 108773"><p>Here we go again. Google Chrome is pushing an emergency update to patch an actively-exploited zero-day vulnerability. You should install the update immediately, as failure to do so will leave your system exposed to a high-severity attack.</p><p></p><p>The vulnerability in question—CVE-2024-7971—extends from a type confusion flaw in Chrome's V8 JavaScript engine. Malicious actors are actively exploiting this flaw to leverage arbitrary code execution on targeted Windows, macOS, and Linux devices, according to Google. The bug may also exist in "a third-party library" utilized by other apps, though this hasn't been confirmed.</p><p></p><p>Researchers at the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) discovered and reported CVE-2024-7971 on August 19th. Predictably, Microsoft and Google have kept the "bug details" close to their chest. We won't know the full story behind this flaw until a majority of Chrome users have installed Google's patch. It could be an especially long wait if the flaw exists in third-party JavaScript libraries.</p><p></p><p>This is the ninth Chrome zero-day to be patched by Google in 2024. While the large number of zero-day disclosures is somewhat concerning, we should be careful to avoid survivorship bias. Increased zero-day identification could extend from poor security practices at Google, but the simpler and more reasonable explanation is that White Hat efforts have grown more effective.</p><p></p><p>Note that Chrome's emergency update contains a total of 38 security fixes, including some of a very low severity. You can view the full list at Google's Chrome Releases blog.</p><p></p><p>The patch for CVE-2024-7971 is included in Google Chrome versions 128.0.6613.84 (Windows and Linux) and 128.0.6613.85 (macOS). To check your current Chrome version, go to Settings, enter "Help," and navigate to "About Google Chrome." You'll see an option to manually update Chrome if the update hasn't been installed on your system.</p><p></p><p>[URL unfurl="true"]https://www.bleepingcomputer.com/news/security/google-fixes-ninth-actively-exploited-chrome-zero-day-in-2024/[/URL]</p></blockquote><p></p>
[QUOTE="lokamoka820, post: 1098758, member: 108773"] Here we go again. Google Chrome is pushing an emergency update to patch an actively-exploited zero-day vulnerability. You should install the update immediately, as failure to do so will leave your system exposed to a high-severity attack. The vulnerability in question—CVE-2024-7971—extends from a type confusion flaw in Chrome's V8 JavaScript engine. Malicious actors are actively exploiting this flaw to leverage arbitrary code execution on targeted Windows, macOS, and Linux devices, according to Google. The bug may also exist in "a third-party library" utilized by other apps, though this hasn't been confirmed. Researchers at the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) discovered and reported CVE-2024-7971 on August 19th. Predictably, Microsoft and Google have kept the "bug details" close to their chest. We won't know the full story behind this flaw until a majority of Chrome users have installed Google's patch. It could be an especially long wait if the flaw exists in third-party JavaScript libraries. This is the ninth Chrome zero-day to be patched by Google in 2024. While the large number of zero-day disclosures is somewhat concerning, we should be careful to avoid survivorship bias. Increased zero-day identification could extend from poor security practices at Google, but the simpler and more reasonable explanation is that White Hat efforts have grown more effective. Note that Chrome's emergency update contains a total of 38 security fixes, including some of a very low severity. You can view the full list at Google's Chrome Releases blog. The patch for CVE-2024-7971 is included in Google Chrome versions 128.0.6613.84 (Windows and Linux) and 128.0.6613.85 (macOS). To check your current Chrome version, go to Settings, enter "Help," and navigate to "About Google Chrome." You'll see an option to manually update Chrome if the update hasn't been installed on your system. [URL unfurl="true"]https://www.bleepingcomputer.com/news/security/google-fixes-ninth-actively-exploited-chrome-zero-day-in-2024/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
