CVE-2024-7971

CVSSv4: NA | CVSSv3: 9.6 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00384 | KEV: Exploitation Reported
Published: 21/08/2024 Updated: 03/01/2025

Vulnerability Summary

Type confusion in V8 in Google Chrome before 128.0.6613.84 allowed a remote malicious user to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerable Product

google chrome

microsoft edge

Vendor Advisories

A new LTS-126 version 12606478256 (Platform Version: 15886810), has rolled out for most ChromeOS devices. This version includes selected security fixes including: 360700873 High CVE-2024-7971 Type Confusion in V8; 368208152 High CVE-2024-9369 Insufficient data validation in Mojo. Release notes for LTS-126 c ...
A new LTC-126 version 12606478251 (Platform Version: 15886760), is being rolled out for most ChromeOS devices. This version includes fixes for: 360700873 High CVE-2024-7971 Type confusion in V8. If you have devices in the LTC channel, they will be updated to this version. The LTS channel remains on LTS-120 until Oct ...
The Chrome team is delighted to announce the promotion of Chrome 128 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 128.0.6613.84 (Linux) 128.0.6613.84/85 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and ...
LTS-120 is being updated in the LTS (Long Term Support) channel, version 12006099331 (Platform Version: 156621190), for most ChromeOS devices. Release notes for LTS-120 can be found here. Want to know more about Long-term Support? Click here. This update contains selective Security fixes, including: 360700873 High CV ...
Hello All, The Stable channel is being updated to 12806613133 (Platform version: 15964480) for ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug. Visit our Chrome OS communities. General: Chromebook Help Community. Beta Specific ...

Github Repositories

a collection of north korean apt articles, analysis and heists attributed to lazarus / bluenoroff / apt38.

Lazarus / DPRK / Cryptocurrency / Web3 / Etc “If the Internet is like a gun, cyberattacks are like atomic bombs” – Kim Jong Il “Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles” – Kim Jong-un "The real purpose of t

CVE-2024-7971: Writeup for CVE-2024-7971. Just a POC, not an exploit

Recent Articles

North Korean hackers exploit Chrome zero-day to deploy rootkit
BleepingComputer • Sergiu Gatlan • 30 Aug 2024

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. "We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain," Microsoft said on...

Google tags a tenth Chrome zero-day as exploited this year
BleepingComputer • Sergiu Gatlan • 26 Aug 2024

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is described as an inappropriate implementation in Google Chrome's V8 JavaScript engine that can l...

Google fixes ninth Chrome zero-day exploited in attacks this year
BleepingComputer • Sergiu Gatlan • 21 Aug 2024

Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. "Google is aware that an exploit for CVE-2024-7971 exists in the wild," the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome's V8 JavaScript engine. Security researc...
