Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Scott Younker

Billons of Chrome users at risk from hacker attacks — severe flaw exploited

Padlock shadow in front of the Google Chrome logo.

Google is in the process of rolling out patches that address a high-severity security flaw in its Chrome browser. According to Google, this flaw has come under active exploitation in the wild.

The flaw (tracked as CVE-2024-7971) is a confusion bug in the V8 JavaScript and WebAssembly engine (h/t to The Hacker News). Google acknowledged the flaw in a blog post saying that the company is "aware that an exploit for CVE-2024-7971 exists in the wild."

According to the National Vulnerability Database, this confusion bug "allowed a remote attacker to exploit heap corruption via a crafted HTML page." For those unaware, heap corruption refers to memory exploits. In some cases they can be benign according to BlackBerry, however, they can also cause a fatal memory fault where the system won't allow associated processes to occur.

In Google's blog, they credit the Microsoft Threat Intelligence Center and the Microsoft Security Response Center for discovering and reporting the flaw on August 19. 

As the time of writing, Google has not released any details about the nature of any attacks exploiting the flaw or who might have been weaponizing it. According to Hacker News, this is third type confusion page that has been patched this year by Google.

To apply Google's fix, you'll need to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS. Linux users will need to update to version 128.0.6613.84. Again, the fix is being rolled out gradually so it might not immediately be available to all Chrome users. Make sure to check back frequently if you don't see the new version just yet.

Other Chromium-based browsers may also be affected including Brave, Microsoft Edge, Opera and Vivaldi and users should apply any fixes as soon as they become available. 

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.