Google has addressed a high-severity inappropriate implementation vulnerability in Chrome's V8 JavaScript engine, tracked as CVE-2024-7965, which is the 10th actively exploited zero-day in the browser so far this year, just days after it patched a type confusion weakness within the browser's V8 JavaScript engine, tracked as CVE-2024-7971, according to Security Affairs.
Additional details regarding intrusions exploiting the issue, which was reported by security researcher TheDog late last month, were not provided. "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said Google in an advisory, which also noted ongoing attacks exploiting CVE-2024-7971. While Google has already addressed the issue in Chrome versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Linux, fixes will be issued for all Stable Desktop channel users in the next few weeks.
