CVE-2024-7965

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 128.0.6613.84

Description The vulnerability is an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This flaw has been described as a high-severity vulnerability and is being actively exploited in the wild. A proof of concept (PoC) exploit has been made available for this vulnerability. The vulnerability could enable remote attacks, and it is recommended to update Google Chrome to the latest version to protect against this vulnerability.

Recommendations To resolve the issue, update Google Chrome to version 128.0.6613.84 or later. As a temporary workaround, consider disabling the V8 JavaScript engine or restricting access to it until a patch is available. However, the most effective solution is to update the browser to the latest version.

Exploit

Fix

Memory Corruption

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-358

Related Identifiers

ALSA-2025_16880

ALSA-2025_2863

ALSA-2025_2864

ALT-PU-2024-14994

ALT-PU-2024-14996

ALT-PU-2024-15041

ALT-PU-2024-15575

ALT-PU-2024-17740

ALT-PU-2025-2945

ALT-PU-2025-4366

ALT-PU-2025-7539

ALT-PU-2025-8547

BDU:2024-07084

CVE-2024-7965

DSA-5757-1

MGASA-2024-0321

OPENSUSE-SU-2024:0258-1

OPENSUSE-SU-2024:0258-2

OPENSUSE-SU-2024:14285-1

OPENSUSE-SU-2024:14425-1

OPENSUSE-SU-2024:14548-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

V8 Javascript Engine

CVE-2024-7965

Weakness Enumeration

Related Identifiers

Affected Products

References · 315