The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 (CVSS score of 8.8) to its Known Exploited Vulnerabilities (KEV) catalog.
This week Google released a security update to address the Chrome zero-day vulnerability that is actively exploited.
The vulnerability is an inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.
“Google is aware that exploits for CVE-2024-7971 and CVE-2024-7965 exist in the wild,” reads the advisory published by the company, which did not share details about the attacks exploiting the issue. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The security researcher TheDog reported the flaw on 2024-07-30.
Google addressed the vulnerability with the release of 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 (Linux). The company will release versions for all users in the Stable Desktop channel over the coming weeks.
According to Binding Operational Directive (BOD) 22-01, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by September 18, 2024.
(SecurityAffairs – hacking, CISA)