Google has released Chrome 128 (128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac) to address a critical zero-day vulnerability actively exploited in the wild. The update includes 38 security fixes, with contributions from external researchers.
Chrome Zero-Day Vulnerability
The Chrome team has addressed a zero-day vulnerability, CVE-2024-7971, involving type confusion in Chrome’s V8 JavaScript engine. Reported by Microsoft Threat Intelligence Center and Microsoft Security Response Center on August 19, 2024, this flaw was actively exploited.
Details of the bug and its exploitation are restricted until most users have updated their browsers, a measure intended to prevent further exploitation and one that highlights the vulnerability’s severity. Chrome 128 also includes various other security fixes.
Below is a table summarizing the key vulnerabilities addressed in this update:
| Bounty | CVE ID | Severity | Description | Reported On |
|---|---|---|---|---|
| $36,000 | CVE-2024-7964 | High | Use after free in Passwords | 2024-08-08 |
| $11,000 | CVE-2024-7965 | High | Inappropriate implementation in V8 | 2024-07-30 |
| $10,000 | CVE-2024-7966 | High | Inappropriate Implementation in Permissions | 2024-07-25 |
| $7,000 | CVE-2024-7967 | High | Heap buffer overflow in Fonts | 2024-07-27 |
| $1,000 | CVE-2024-7968 | High | Use after free in Autofill | 2024-06-25 |
| TBD | CVE-2024-7969 | High | Type Confusion in V8 | 2024-07-09 |
| TBD | CVE-2024-7971 | High | Type confusion in V8 | 2024-08-19 |
| $11,000 | CVE-2024-7972 | Medium | Inappropriate implementation in V8 | 2024-06-10 |
| $7,000 | CVE-2024-7973 | Medium | Heap buffer overflow in PDFium | 2024-06-06 |
| $3,000 | CVE-2024-7974 | Medium | Insufficient data validation in V8 API | 2024-05-07 |
| $3,000 | CVE-2024-7975 | Medium | Insufficient data validation in the Installer | 2024-06-16 |
| $2,000 | CVE-2024-7976 | Medium | Inappropriate implementation in FedCM | 2024-05-10 |
| $1,000 | CVE-2024-7977 | Medium | Insufficient Policy Enforcement in Data Transfer | 2024-02-11 |
| $1,000 | CVE-2024-7978 | Medium | Insufficient data validation in the Installer | 2022-07-21 |
| TBD | CVE-2024-7979 | Medium | Insufficient data validation in the Installer | 2024-07-29 |
| TBD | CVE-2024-7980 | Medium | Inappropriate Implementation in Views | 2024-07-30 |
| $1,000 | CVE-2024-7981 | Low | Inappropriate Implementation in WebApp Installs | 2023-07-14 |
| $500 | CVE-2024-8033 | Low | Inappropriate implementation in WebApp Installs | 2024-06-30 |
| $500 | CVE-2024-8034 | Low | Inappropriate implementation in Custom Tabs | 2024-07-18 |
| TBD | CVE-2024-8035 | Low | Inappropriate implementation in Extensions | 2022-04-26 |
The Chrome team thanks security researchers for their contributions and urges users to update to the latest version for protection. Google will share more about new features and efforts in future blog posts. Staying updated and collaborating with the security community are key to user safety.
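For teams checking a fleet against the fixed build named above, the following is an added example (not from Google or the original article) that triages an inventory of reported Chrome versions. The hostnames and version strings are constructed, and the script assumes any build below 128.0.6613.84 predates the fix.

```python
import re

# Fixed build from the article: 128.0.6613.84 (Linux) and
# 128.0.6613.84/.85 (Windows, Mac). Anything lower predates the fix.
FIXED_BUILD = (128, 0, 6613, 84)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract the four-part version from strings such as
    'Google Chrome 127.0.6533.120' or a bare '128.0.6613.85'.
    Returns a tuple of ints, or None when no version is present."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory):
    """Split (host, version_string) pairs into patched, outdated and unknown.

    Versions are compared as integer tuples: a plain string comparison
    would rank '128.0.6613.9' above '128.0.6613.84' and miss that host."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, raw in inventory:
        version = parse_chrome_version(raw)
        if version is None:
            result["unknown"].append(host)   # needs manual follow-up
        elif version >= FIXED_BUILD:
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("lab-linux-01", "Google Chrome 128.0.6613.84"),
    ("lab-win-02", "128.0.6613.85"),
    ("lab-mac-03", "Google Chrome 127.0.6533.120"),
    ("lab-win-04", "128.0.6613.9"),
    ("lab-win-05", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```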