bleepingcomputer[.]com/news/security/google-fixes-ninth-actively-exploited-chrome-zero-day-in-2024/
"Google is aware that an exploit for CVE-2024-7971 exists in the wild," the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome's V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) reported it on Monday.
Although such security flaws commonly let attackers trigger browser crashes after data allocated into memory is interpreted as a different type, attackers can also exploit them for arbitrary code execution on targeted devices running unpatched browsers.
Google has fixed the zero-day with the release of 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 (Linux), versions that will roll out to all users in the Stable Desktop channel over the coming weeks.
While Chrome updates automatically when security patches are available, users can also speed up the process by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the 'Relaunch' button to install it.