{"id":8703,"date":"2024-05-25T15:48:20","date_gmt":"2024-05-25T06:48:20","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8703"},"modified":"2025-01-19T15:48:58","modified_gmt":"2025-01-19T06:48:58","slug":"new-chrome-zero-day-vulnerability-cve-2024-4761-under-active-exploitation","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/new-chrome-zero-day-vulnerability-cve-2024-4761-under-active-exploitation\/","title":{"rendered":"New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation"},"content":{"rendered":"\n<p>Google has announced that it patched its 10th zero-day exploit of 2024. The vulnerability, tagged as CVE-2024-7965, was found in Google Chrome and is linked to an issue in V8, Chrome&#8217;s JavaScript engine. This flaw, present in versions before 128.0.6613.84, could allow attackers to exploit heap corruption using a crafted HTML page.<\/p>\n\n\n\n<p>The problem, described as an &#8220;inappropriate implementation in V8,&#8221; stems from poorly designed or implemented code, causing unintended behavior. This could lead to unexpected memory access, which attackers can exploit.<\/p>\n\n\n\n<p>The vulnerability was discovered by a Google Bug Bounty participant, known as TheDog, who pinpointed the issue to a bug in the compiler backend during just-in-time (JIT) compilation. With a CVSS score of 8.8, the flaw poses a serious risk to the confidentiality and integrity of affected systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google has announced that it patched its 10th zero-day exploit of 2024. The vulnerability, tagged as CVE-2024-7965, was found in Google Chrome and is linked to an issue in V8, Chrome&#8217;s JavaScript engine. This flaw, present in versions before 128.0.6613.84, could allow attackers to exploit heap corruption using a crafted HTML page. The problem, described as an &#8220;inappropriate implementation in<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":7120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8,1],"tags":[],"class_list":["post-8703","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ce_news","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/08\/09.jpg?fit=1379%2C920&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8703"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8703"}],"version-history":[{"count":1,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8703\/revisions"}],"predecessor-version":[{"id":8704,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8703\/revisions\/8704"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/7120"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}