Time to update Chrome (again) to patch another zero-day exploit
There’s an old Harry James song I’ve heard before — it’s called “I’ve Heard That Song Before” — and lately it comes to mind whenever I hear that I need to update my Chrome browser right away. Like when Google finds another zero-day security exploit that needs to be patched immediately. Like today, for instance.
Seriously, go update Chrome right now.
As BleepingComputer notes, this is the ninth time this year that Google has discovered and patched a security vulnerability in the Chrome browser. And even if you’re tired of hearing this, the patch is necessary and urgent because this vulnerability is being exploited “in the wild.”
The big update for today addresses issue CVE-2024-7971, a “type confusion” vulnerability that exploits an error in Google’s custom JavaScript engine. The issue was actually discovered by Microsoft’s Threat Intelligence Center and Security Response Center last month, but neither company is explaining exactly how the exploit is implemented.
Microsoft is nominally Google’s competitor, of course, but it has a vested interest in Chrome. Google’s browser isn’t just the most dominant web browser on the planet by a longshot, but it’s also a sort of kissing cousin to Microsoft’s Edge browser (as they’re both based on Google’s open-source Chromium project).
Today’s Chrome update also includes seven other patches noted as high priority, plus thirteen others of medium or low priority. Version 128.0.6613.84 is the one you want to be on for Windows and Linux, 128.0.6613.85 for Mac.
Further reading: Essential tips to make Chrome more secure