Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited.
The vulnerability is a type confusion issue that resides in Chrome’s V8 JavaScript engine.
As per Google advisory, it is aware that an exploit for CVE-2024-7971 exists in the wild and did not share details about the attacks exploiting the issue.
Security researchers with the Microsoft Threat Intelligence Center and Microsoft Security Response Center reported the flaw to Google.
Google addressed this and another 37 vulnerabilities with the release of 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 (Linux). The stable version will be released in the coming weeks.
The 8 other actively exploited Google Chrome zero-day vulnerabilities in this year
- CVE-2024-0519: January 2024
- CVE-2024-3159: March 2024
- CVE-2024-2886: March 2024
- CVE-2024-2887: March 2024
- CVE-2024-5274: May 2024
- CVE-2024-4671: May 2024
- CVE-2024-4947: May 2024
- CVE-2024-4761: May 2024
