CVE-2024-7965 affects the V8 JavaScript engine used in Google Chrome. This zero-day vulnerability stems from a flawed implementation that allows attackers to exploit heap corruption through specially crafted HTML pages. With a CVSS score of 8.8, it poses a serious threat to the confidentiality and integrity of affected systems.
First discovered by the security researcher known as “TheDog” on July 30, 2024, this flaw has prompted Google to issue a critical update. The patch is available in Chrome version 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac.
Given that CVE-2024-7965 is actively being exploited, users must apply this update immediately. Google has been proactive in addressing such threats, as demonstrated by their previous work on CVE-2024-7971, another critical flaw in the V8 engine.
What do you think?
It is nice to know your opinion. Leave a comment.