Google Chrome users are being urged to update their browsers immediately due to a critical security vulnerability identified as CVE-2024-7971. This vulnerability, known as a type confusion flaw, affects the V8 JavaScript and WebAssembly engine within Google Chromium versions prior to 128.0.6613.84. The flaw allows a remote attacker to exploit heap corruption through a specially crafted HTML page, making it a significant threat with a CVSS score of 8.8 (High).
Impact and Exploitation
The vulnerability has been observed under active exploitation in the wild, meaning attackers are already leveraging this flaw to conduct attacks. The presence of CVE-2024-7971 in the CISA Known Exploited Vulnerability (KEV) catalog further underscores its critical nature. There is also evidence suggesting that ransomware operators are actively using this vulnerability, increasing the urgency for organisations and users to address it.
Affected Products
The following products are affected by CVE-2024-7971:
- Google Chrome versions prior to 128.0.6613.84
Recommendations for Mitigation
The National Cyber Security Centre (NCSC) strongly advises all affected users and organisations to review the latest release notes from Google and install the necessary updates without delay to mitigate potential risks. To protect against exploitation, users should ensure their browsers are updated to the latest version.
For more detailed guidance and additional mitigation strategies, please refer to the following resources:
- Chrome Release Notes for Desktop
- Chromium Issue Tracker

By taking prompt action, organisations can safeguard their systems against this critical vulnerability and reduce the risk of cyberattacks.
For tailored solutions to safeguard your business from cybersecurity threats, contact our team today.