Type Confusion vulnerability in V8 in Google Chrome Desktop

Severity:Critical

Date of Publish: 30th-Aug’24

Affected System

Google Chrome prior to 128.0.6613.113

Summary

A remote code execution vulnerability is reported in Type Confusion vulnerability in V8 in Google Chrome could allow remote attacker to execute unintended code in the affected system.

Description:

The vulnerability occurs Google chrome v8 Type confusion which could allow remote attacker to potentially exploit heap corruption via a specially crafted page. successful exploitation of this vulnerability will lead to system comprise and can conduct DOS attack on the affected system,

Recommendation:

Apply patches as recommended by the vendor:

https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html

CVE Name:

CVE-2024-7969

NOTE: The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 29-Aug-24 –  advisory published. — updated to 128.0.6613.113/.114 for Windows, Mac and 128.0.6613.113 for Linux

About The Author

Gaurav Srivastava

15+ years of commended experience in performance in vulnerability assessment and Penetration testing, perform DAST, SAST and SCA scan Application security of web application, OWASP Testing Framework/Application security controls. Testing of webservices, source code analysis, vulnerability patch management .ISO 27001:2005 security audits of function and projects.

See author's posts