Google has released an urgent update for its Chrome browser to address a critical security flaw that is actively being exploited by attackers. The vulnerability, tracked as CVE-2024-7971, was discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) on August 19, 2024. The flaw is a type confusion bug in Chrome’s V8 JavaScript and WebAssembly engine.
According to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), this vulnerability “allowed a remote attacker to exploit heap corruption via a crafted HTML page.” In other words, hackers could potentially take control of a user’s Chrome browser on desktop systems, steal data, or install malware without the user’s knowledge. Google acted swiftly, rolling out an update to patch the flaw within two days of its discovery. The company has not disclosed specific details about the vulnerability or how it is being exploited to prevent bad actors from taking advantage of the weakness before users have had a chance to update their browsers.
For Windows, Mac, and Linux users, Google has released Chrome version 128.0.6613.84/.85. The update should download automatically, but users are advised to manually check and restart their browser to ensure the update is installed. To update Chrome, users should:
1.
Open Google Chrome on their computer.
Urgent Chrome patch issued
2.
Click on the three dots in the top-right corner. 3. Select ‘Help’, then ‘About Google Chrome’.
4. Chrome will automatically check for updates and install if any are available. 5.
Restart the browser to complete the update process. In addition to updating Chrome, users can take additional steps to enhance their security and privacy, such as installing strong antivirus software, being cautious of potential scams, and using strong and unique passwords with the help of a password manager. This latest vulnerability highlights the importance of keeping software up to date to stay ahead of cybersecurity threats.
Users are reminded that prompt updates are crucial in the race against time when it comes to cybersecurity.
Rashan is a seasoned technology journalist and visionary leader serving as the Editor-in-Chief of DevX.com, a leading online publication focused on software development, programming languages, and emerging technologies. With his deep expertise in the tech industry and her passion for empowering developers, Rashan has transformed DevX.com into a vibrant hub of knowledge and innovation. Reach out to Rashan at [email protected]
