Update Chrome Now to Protect Yourself From Zero-Day Exploit
If you are using Google Chrome or a Chromium-based web browser, you need to update it as soon as possible.
Google’s latest update to Chrome, version 128.0.6613.84/.85 (Windows/Mac) and 128.0.6613.84 (Linux), includes fixes for 38 security vulnerabilities, eight of which Google identifies as “high” severity. Google detailed all of these fixes in its latest Chrome Releases blog post, listing the type of each vulnerability, its severity, the reward (money received by the researcher who discovered it), and noting who reported the vulnerability.
While it’s important to fix all of these vulnerabilities, one matters more than the others: a zero-day vulnerability tracked as CVE-2024-7971, a type confusion bug affecting Chrome’s V8 JavaScript engine. Type confusion occurs when a program processes an object without first checking its type: if the type is inconsistent or incorrect, the result can be a vulnerability that attackers can exploit.
That’s the case with CVE-2024-7971: Google confirmed in a blog post that the company knows that an exploit for this vulnerability exists in the wild, meaning that someone, somewhere knows how to exploit it. Even worse, this vulnerability does not require an attacker to have physical access to your browser, as it could have been exploited by a remote hacker. The chances of a hacker finding out about this exploit and taking a closer look at your Chrome browser may be low, but the chances are not zero. Why take the risk?
According to The Hacker News, this is the ninth zero-day vulnerability Google has patched this year, and the third type confusion issue affecting its V8 JavaScript engine. Interestingly, the bug was reported by the Microsoft Security Response Center, which earned $11,000 in the process.
Although the remaining 37 vulnerabilities are not zero-days and therefore have no known active exploits at this time, they are still important to patch immediately. Now that these flaws are public, it’s only a matter of time before attackers figure out how to exploit them. If your browser is not updated, you remain vulnerable to any of these potential exploits.
Update to protect your browser from this vulnerability.
As noted above, this bug affects not only Chrome, but all browsers built on the open source Chromium platform. This includes Chrome, of course, but also Microsoft Edge, Opera, Brave and Vivaldi. If you are using any of these browsers, you should update it as soon as possible.
To update Chrome, click the three dots in the top right corner of the window, then choose Help > About Google Chrome. Let Chrome look for a new update. If it’s available, you can click Restart to allow the browser to install the patch.