Chromium Vulnerability Known Exploitation - 20240826001
Overview
Google has released updates to address a type confusion vulnerability in V8 in Chrome and Chromium-based browsers (e.g. Microsoft Edge) which could allow remote attackers to exploit heap corruption via a crafted HTML page. The vulnerability is actively exploited in the wild.
What is vulnerable?
Product(s) Affected | Version(s) | CVE # | CVSS v4/v3 | Severity |
---|---|---|---|---|
Microsoft Edge | prior to 128.0.2739.42 | CVE-2024-7971 | 8.8 | High |
Google Chrome | prior to 128.0.6613.84 for Linux; prior to 128.0.6613.84 for Windows; prior to 128.0.6613.85 for Mac | CVE-2024-7971 | 8.8 | High |
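
The version thresholds in the table can be checked against a software inventory. The following is an added example, not part of the original advisory: the inventory rows, host names and function names are constructed assumptions, and only the fixed build numbers come from the table.

```python
import re

# First fixed builds, taken from the advisory table.
# Edge is listed without a platform, so one value covers every OS.
FIXED = {
    ("google chrome", "linux"): "128.0.6613.84",
    ("google chrome", "windows"): "128.0.6613.84",
    ("google chrome", "mac"): "128.0.6613.85",
    ("microsoft edge", None): "128.0.2739.42",
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part build number as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(product, platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one installation."""
    product = product.strip().lower()
    platform = platform.strip().lower()
    fixed = FIXED.get((product, platform)) or FIXED.get((product, None))
    installed = parse_version(version_text)
    if fixed is None or installed is None:
        return "unknown"  # unlisted product/platform or unreadable version
    # Compare numerically: as strings, "128.0.6613.100" sorts before "128.0.6613.84".
    return "vulnerable" if installed < parse_version(fixed) else "patched"


# Constructed inventory rows: (host, product, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome", "Windows", "Google Chrome 128.0.6613.84"),
    ("mac-07", "Google Chrome", "Mac", "Google Chrome 128.0.6613.84"),
    ("lnx-03", "Google Chrome", "Linux", "Google Chrome 128.0.6613.100"),
    ("ws-02", "Microsoft Edge", "Windows", "127.0.2651.105"),
    ("ws-09", "Microsoft Edge", "Windows", "version unavailable"),
]


def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(prod, plat, ver) for host, prod, plat, ver in inventory}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual follow-up rather than being treated as patched.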
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):
Additional References
- Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971
- Google Chrome Releases: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- The Hacker News: https://thehackernews.com/2024/08/google-fixes-high-severity-chrome-flaw.html