Google Updates Chrome Blog, Reveals Another High-Risk Vulnerability Exploited by Hackers, Now Fixed
Last week, Google released an urgent security update for Chrome to fix a security vulnerability that had been exploited by hackers. This vulnerability, identified as CVE-2024-7971, is a type confusion error in V8, Chrome's JavaScript engine. It was discovered by researchers at the Microsoft Threat Intelligence Center and the Microsoft Security Response Center, who then reported it to Google.
The same update also addressed other security vulnerabilities. Today, Google updated its blog post to reveal that CVE-2024-7965 had also been exploited. This was not known until now because there had been no evidence of its exploitation.
The CVE-2024-7965 vulnerability was reported by a security researcher known as TheDog and is also related to an improper implementation in the V8 engine. Attackers could trigger the vulnerability using specially crafted HTML.
These vulnerabilities have been fixed in Chrome versions 128.0.6613.84/.85. Since this version was released five days ago, most users should already have been automatically updated to it.
Google has yet to disclose details about the hacker groups that exploited these vulnerabilities or other specifics. Typically, Google discloses vulnerability details gradually, and only once most users are no longer affected. If a vulnerability involves third-party libraries, disclosure may be delayed to give developers more time to fix the issue, so that hackers cannot mount targeted attacks once the details are public.
Other Browsers Also Need Updates:
Any browser based on the Chromium engine will need to release updates to fix this vulnerability. Therefore, if you're not using Chrome but are using browsers like Microsoft Edge, Vivaldi, or Brave, which are developed based on Chromium, you should stay tuned for upcoming updates.