If you use Google Chrome or a Chromium-based web browser, you need to update it ASAP.
Google’s latest update for Chrome, version 128.0.6613.84/.85 (Windows/Mac) and 128.0.6613.84 (Linux), comes with patches for 38 security vulnerabilities, eight of which Google identifies as “High” severity. Google detailed all these patches in its latest Chrome Releases blog post, running through each vulnerability’s type, severity, reward (the money rewarded to the researcher who discovered it), and noting who reported the flaw.
While it’s important to fix all these vulnerabilities, one of them is more important than others: The vulnerability, a zero-day, is tracked as CVE-2024-7971, and is a type confusion flaw affecting Chrome’s V8 JavaScript engine. Type confusion occurs when a program processes an object without checking its type first: If that type is incompatible or incorrect, it can create a vulnerability that bad actors can exploit.
That’s the case with CVE-2024-7971: Google confirmed in its blog post that the company is aware an exploit for this vulnerability exists in the wild, which means someone, somewhere knows how to use it. Worse yet, this vulnerability doesn’t require an attacker to have physical access to your browser, as a remote hacker was able to exploit it. The chances may be low that a hacker would both know about this exploit and have their eyes set on your Chrome browser, but the odds aren’t zero. Why take the risk?
According to The Hacker News, this is the ninth zero-day vulnerability Google has addressed this year, and the third type confusion issue affecting its V8 JavaScript engine. Interestingly, it was Microsoft Security Response Center who reported the bug, earning $11,000 in the process.
While the other 37 vulnerabilities aren’t zero-days, and thus have no known active exploits at this time, they’re still important to patch immediately. Now that these flaws are out in the open, it’s only a matter of time before bad actors figure out how to exploit them, too. If you browser isn’t updated, you’re left vulnerable to any of these potential exploits.
Update to protect your browser from this vulnerability
As noted above, this bug doesn’t just affect Chrome, but all browsers built on the open-source platform Chromium. That includes Chrome, of course, but also Microsoft Edge, Opera, Brave, and Vivaldi. If you use any of these browsers, you should update as soon as possible.
To update Chrome, tap on the three dots in the top-right corner of your window, then go to Help > About Google Chrome. Let Chrome look for a new update. If one is available, you can click Relaunch to allow the browser to install the patch.
Disclaimer
Artificial Intelligence Disclosure & Legal Disclaimer
AI Content Policy.
To provide our readers with timely and comprehensive coverage, South Florida Reporter uses artificial intelligence (AI) to assist in producing certain articles and visual content.
Articles: AI may be used to assist in research, structural drafting, or data analysis. All AI-assisted text is reviewed and edited by our team to ensure accuracy and adherence to our editorial standards.
Images: Any imagery generated or significantly altered by AI is clearly marked with a disclaimer or watermark to distinguish it from traditional photography or editorial illustrations.
General Disclaimer
The information contained in South Florida Reporter is for general information purposes only.
South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service. In no event shall South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service.
The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice. The Company does not warrant that the Service is free of viruses or other harmful components.
