Google has released a patch to address a new Chrome zero-day vulnerability that is actively exploited.
The vulnerability tracked as CVE-2024-7965 with a CVSS score of 8.8 is an inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.
As per the advisory, Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild and did not share details about the attacks exploiting the issue. Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.
Google addressed the vulnerability with the release of 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 (Linux). The company will release versions for all users in the Stable Desktop channel over the coming weeks.
