Google Fixes CVE-2024-7965 Security Vulnerability in Chrome
TapTechNews August 27th news, Google announced yesterday (August 26th) that it has fixed the security vulnerability with tracking number CVE-2024-7965, which is also the 10th zero-day vulnerability of Chrome browser fixed by Google this year.
The security vulnerability was reported by a security researcher named TheDog and exists in the V8 JavaScript engine of Chrome browser, which belongs to improper implementation and can allow remote attackers to initiate heap corruption through elaborately crafted HTML pages.
Google disclosed in the announcement that hackers have already used the CVE-2024-7965 vulnerability to launch attacks and urged users to upgrade as soon as possible.
TapTechNews reported on August 23rd about the security vulnerability with tracking number CVE-2024-7971, which also exists in the V8 engine of Chrome browser.
Although Google confirmed that the CVE-2024-7971 and CVE-2024-7965 vulnerabilities have been used in the wild, it has not yet shared more information about these attacks.
The other 8 zero-day vulnerabilities exposed by Google this year are as follows:
CVE-2024-0519: There is a serious out-of-bounds memory access vulnerability in the V8 JavaScript engine of Chrome browser, allowing remote attackers to exploit heap corruption through specially crafted HTML pages and resulting in unauthorized access to sensitive information.
CVE-2024-2887: A high-severity type confusion vulnerability in the WebAssembly (Wasm) standard. This vulnerability can lead to a vulnerability of remote code execution (RCE) by using forged HTML pages.
CVE-2024-2886: There is a use-after-free vulnerability in the WebCodecs API used by web applications to encode and decode audio and video.
CVE-2024-4671: There is a high-severity use-after-free defect in the Visuals component that handles the rendering and display of content in the browser.
CVE-2024-3159: A high-severity out-of-bounds read vulnerability in the Chrome V8 JavaScript engine.
CVE-2024-4761: There is an out-of-bounds write problem in the V8 JavaScript engine of Chrome browser, which is responsible for executing JS code in applications.
CVE-2024-4947: A type confusion weakness in the Chrome V8 JavaScript engine, which can install arbitrary code.
CVE-2024-5274: A chaos in the Chrome V8 JavaScript engine, which may lead to crashes, data corruption or arbitrary code execution.
Windows X64 version
Latest version: 128.0.6613.85
File size: 106.80 MB
Update time: 5 days ago
SHA1: F7F906E8E8AD99141959AEF4FCE17CED23F6506A
SHA256: C5877D79A6D7A450E66083FD273BF4DF6776920D69F6277CA917DD4BF35F1BCC
http://dl.google.com/release2/chrome/dqhg5b5gxzjpvopsgls6cjg3im_128.0.6613.85/128.0.6613.85_chrome_installer.exe
https://dl.google.com/release2/chrome/dqhg5b5gxzjpvopsgls6cjg3im_128.0.6613.85/128.0.6613.85_chrome_installer.exe
Windows X86 version
Latest version: 128.0.6613.85
File size: 97.26 MB
Update time: 5 days ago
SHA1: 867FB211088CEF97E88D45F655B21F03244A1D6D
SHA256: F44B0A79CBF429EA63A1C45DD79E849B81002F39DD58E581F86FEDE428ABE56E
http://dl.google.com/release2/chrome/hl22f2hne6odw4jbgrnn777wsq_128.0.6613.85/128.0.6613.85_chrome_installer.exe
https://dl.google.com/release2/chrome/hl22f2hne6odw4jbgrnn777wsq_128.0.6613.85/128.0.6613.85_chrome_installer.exe