CVE-2024-7971

CVSS v3.1

Critical

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

The vulnerable software is Google Chrome, specifically the V8 JavaScript engine. The vulnerability is a type confusion issue that can be exploited to execute arbitrary code on affected systems.

The vulnerable versions are prior to 128.0.6613.84.

To exploit this vulnerability, an attacker can use a crafted HTML page to corrupt the heap and execute malicious code.

It is recommended to update Google Chrome to the latest version, 128.0.6613.84 or later, to patch this vulnerability.

North Korean hackers, known as Citrine Sleet, have been exploiting this vulnerability to deploy the FudModule rootkit and steal cryptocurrency.

#GoogleChrome #V8JavaScriptEngine #TypeConfusionVulnerability #RemoteCodeExecution #CyberSecurity #ZeroDayExploit #ChromeUpdate #PatchNow #CyberAttack #InfoSec #VulnerabilityManagement #Exploit #CVE

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALT-PU-2024-14994

ALT-PU-2024-14996

ALT-PU-2024-15041

ALT-PU-2024-15575

ALT-PU-2024-17740

ALT-PU-2025-2945

ALT-PU-2025-4366

ALT-PU-2025-7539

ALT-PU-2025-8547

BDU:2024-06562

CVE-2024-7971

DSA-5757-1

MGASA-2024-0321

OPENSUSE-SU-2024:0258-1

OPENSUSE-SU-2024:0258-2

OPENSUSE-SU-2024:0275-1

OPENSUSE-SU-2024:14285-1

OPENSUSE-SU-2024:14548-1

OPENSUSE-SU-2024_0275-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

Suse

V8 Javascript Engine

CVE-2024-7971

Weakness Enumeration

Related Identifiers

Affected Products

References · 366