One vulnerability, Chrome’s CVE-2024-7971, is a timing issue and was being exploited before Google got around to fixing it. The problem that was found by Microsoft’s Threat Intelligence Centre is the type confusion flaw in Chrome’s V8 JavaScript engine, the component through which the JavaScript in the browser is performed. This could potentially enable attackers to engage in memory manipulation, causing the execution of code on the related devices because of the presence of wrong information in web pages.
This made this vulnerability very severe to an extent that Google had to release an out-of-band update, Chrome 128. 0. 6613. 84/. 85, for Windows, macOS and Linux. Although the browser version, moreover, Chrome offers the users to update its version automatically it is recommended to update it manually because it would protect the users from potential threats. This is one of the latest zero-day threats that Google had to address in 2024, which is the ninth so far: it underlines that internet users are still at risk.
It is using the lack of detailed identification of the kind of attack it employs this flaw to wage to avoid giving potential attackers additional information about the vulnerability before most of its users upgrade to the safer version of the web browser. For this reason, it is also recommended that users of the other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi apply the patches as soon as they are released.
This was a major event to show how relying on out-of-date software can lead to catastrophic security failures, and how more and more hackers are focusing on pervasive programs such as Chrome.