
August 22, 2024

Another Chrome zero-day exploited in the wild, patch now


Google has released an emergency update to address an actively exploited zero-day vulnerability in its Chrome browser. The flaw, designated CVE-2024-7971, is a type confusion bug in Chrome’s V8 JavaScript engine that, when exploited, could allow threat actors to perform out-of-bounds memory access, leading to arbitrary code execution and denial-of-service conditions.

As per Google’s usual policy, the company has provided limited information on CVE-2024-7971 but has admitted it is aware that an exploit for the zero-day exists in the wild.

Google is advising all users of affected versions of Chrome to update to the latest fixed versions as soon as possible. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to install the updates as soon as they are available.

Source: Bleeping Computer

Analysis

CVE-2024-7971 marks the ninth zero-day vulnerability found in Google Chrome since the beginning of 2024. That said, threat actors are growing more sophisticated by the day and may be to blame for the growing number of vulnerabilities.

Regardless, 2024 has demonstrated to Google that it must prioritize proactively discovering vulnerabilities in its flagship browser which, because of Chrome’s huge attack surface, represents a great opportunity for threat actors and a serious cybersecurity threat for network defenders.

Additionally, given the high level of exploitation observed in 2024, Chrome users must also ensure that they install any updates as soon as possible to minimize the risk these vulnerabilities pose.

Mitigation

Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in browsers such as Chrome. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the exploitation of these vulnerabilities. Field Effect MDR users were automatically notified if a vulnerable version of Chrome was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly encourages users of the affected Chrome versions to update to the latest version as soon as possible, in accordance with Google’s advisory.
