Menu
Google has announced that it patched its 10th zero-day exploit of 2024. The vulnerability, tagged as CVE-2024-7965, was found in Google Chrome and is linked to an issue in V8, Chrome’s JavaScript engine. This flaw, present in versions before 128.0.6613.84, could allow attackers to exploit heap corruption using a crafted HTML page.
The problem, described as an “inappropriate implementation in V8,” stems from poorly designed or implemented code, causing unintended behavior. This could lead to unexpected memory access, which attackers can exploit.
The vulnerability was discovered by a Google Bug Bounty participant, known as TheDog, who pinpointed the issue to a bug in the compiler backend during just-in-time (JIT) compilation. With a CVSS score of 8.8, the flaw poses a serious risk to the confidentiality and integrity of affected systems.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
