Definition
CVE-2024-7965 is an improper implementation in the V8 JavaScript engine of the Google Chrome browser (CVSS score: 8.8). The flaw allows a remote attacker to potentially execute malicious code on the victim's device by using a specially crafted HTML page to trigger heap corruption.
Heap Corruption
This issue occurs when a program mishandles heap memory during allocation, use or deallocation. It typically happens when software writes data to a memory location that is either unallocated or intended for a different purpose; in a type confusion bug such as this one, the engine operates on an object as if it were of a different type, so reads and writes land in memory laid out for something else.
Impact
The affected software may crash
The affected software may produce invalid results
The affected software may allow attackers to gain unauthorised access
Exploit Details
Type confusion vulnerability in V8
Heap corruption triggered by crafted HTML page
Exploitable by remote attackers
Affects Google Chrome versions prior to 128.0.6613.84
Mitigation and Patch
Patched in Google Chrome version 128.0.6613.84 and later
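The practical follow-up to the patch line above is checking every Chrome install in an estate against the fixed version. The following is an added example, not code from the page or from Google: it parses Chrome version strings numerically and flags anything older than 128.0.6613.84, reporting unparseable entries as unknown rather than patched; the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Version in which CVE-2024-7965 was fixed (taken from the advisory above).
FIXED_VERSION = "128.0.6613.84"
_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")  # one to four numeric components


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse '128.0.6613.84' into (128, 0, 6613, 84).

    Missing trailing components count as 0; anything that is not a plain
    dotted number yields None so the caller reports 'unknown', not 'patched'.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if older than the fix, False if at or beyond it, None if unparseable."""
    parsed, fixed_parsed = parse_version(version), parse_version(fixed)
    if parsed is None or fixed_parsed is None:
        return None
    # Tuple comparison is component-wise and numeric, so 6613.9 < 6613.84.
    return parsed < fixed_parsed


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket a {host: chrome_version} inventory into vulnerable/patched/unknown."""
    buckets: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        status = is_vulnerable(version)
        key = "unknown" if status is None else ("vulnerable" if status else "patched")
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "ws-01": "127.0.6533.120",  # earlier major release
        "ws-02": "128.0.6613.84",   # exactly the fix version
        "ws-03": "128.0.6613.119",  # later build on the fixed branch
        "ws-04": "128.0.6613.9",    # sorts after the fix as a string, but is older
        "ws-05": "chrome 128",      # not a version string
    }
    print(triage(sample))
```

The "ws-04" entry is why the comparison must be numeric: a plain string sort would rank 128.0.6613.9 after the fix and miss a vulnerable host.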
Related Finds
Google has so far addressed nine zero-days in Chrome since the start of 2024
CVE-2024-0519 - Out-of-bounds memory access in V8
CVE-2024-2886 - Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
CVE-2024-2887 - Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
CVE-2024-3159 - Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
CVE-2024-4671 - Use-after-free in Visuals
CVE-2024-4761 - Out-of-bounds write in V8
CVE-2024-4947 - Type confusion in V8
CVE-2024-5274 - Type confusion in V8
CVE-2024-7971 - Type confusion in V8