For the ninth time this year, Google has discovered and patched a critical security vulnerability in the Chrome web browser. Today’s update resolves CVE-2024-7971, a type confusion vulnerability that exploits a bug in Google’s JavaScript engine. It is better not to put off installing the patch, since it has become known that this exploit is being exploited by attackers.
The problem was discovered jointly by Microsoft’s Threat Intelligence Center and Security Response Center last month, but neither company has released technical details of the exploit. The report emphasizes that the vulnerability is already being exploited “in the wild.”
Microsoft is nominally a competitor to Google, but when it comes to browser security, the companies’ interests largely coincide. Microsoft Edge and Google Chrome, as well as a dozen other browsers, are based on Google’s open-source Chromium project. Therefore, any vulnerabilities found in one browser are almost 100% likely to be present in all of its “brothers.”
Today’s Chrome update also includes seven other high priority fixes and thirteen medium or low priority fixes. The current version of the browser for Windows and Linux is 128.0.6613.84, for Mac – 128.0.6613.85.
Google настоятельно рекомендует пользователям немедленно обновить Chrome. Для этого нужно открыть пункт меню «Параметры» —> «Справка» —> «About Google Chrome”, wait for the update to download, and then restart the browser.