Google has rolled out Chrome version 128.0.6613.84/.85 for Windows and macOS users, and 128.0.6613.84 for Linux users, addressing a high-severity zero-day vulnerability that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-7971, is caused by a type confusion flaw in Chrome's V8 JavaScript engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Google said in its advisory that it is “aware that an exploit for CVE-2024-7971 exists in the wild,” although it didn’t provide any details regarding the nature of the exploitation.
In addition to the above mentioned zero-day bug, the internet giant addressed multiple high-risk remote code execution vulnerabilities.
Given the active exploitation of this vulnerability, users are strongly urged to update their Chrome browsers as soon as possible.