Every time a new zero-day exploit is discovered, I’m reminded of that old Harry James song, “I’ve Heard That Song Before.” This feeling is particularly strong today as Google has issued another urgent update for Chrome due to a critical security flaw.
You should update Chrome immediately.
According to BleepingComputer, this is the ninth security vulnerability addressed by Google in Chrome this year alone. The urgency of this update is underscored by the fact that the vulnerability, identified as CVE-2024-7971, is actively being exploited in the wild. The issue stems from a “type confusion” problem within Google’s JavaScript engine, which was initially discovered by Microsoft’s Threat Intelligence Center and Security Response Center last month. However, specific details on how the exploit operates have not been disclosed by either company.
Despite the competitive nature between Microsoft and Google, both companies share a common interest in ensuring the security of Chrome, which is a major player in the web browser market and closely related to Microsoft’s Edge browser through the Chromium project.
In addition to addressing this critical vulnerability, today’s update also includes seven high-priority patches and thirteen others categorized as medium or low priority. Users should ensure they are on Chrome version 128.0.6613.84 for Windows and Linux or 128.0.6613.85 for Mac.