
Cybersecurity Threat Advisory

A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now.

What is the threat?

The flaw, tracked as CVE-2024-7971, is a ‘type confusion’ weakness in Chrome’s V8 JavaScript engine, and its exploitation uses the FudModule rootkit. Successful exploitation gives attackers remote code execution in Chromium. The rootkit runs in memory and from there performs direct kernel object manipulation, which aims to disrupt kernel security.

Why is it noteworthy?

This zero-day is being actively exploited by a hacker group known as Citrine Sleet. This group has been responsible for many previous attacks on financial institutions and cryptocurrency firms. Because the vulnerability allows remote code execution, it can enable further lateral movement into email communications and system privileges, as well as exfiltration of sensitive information.

What is the exposure or risk?

This type confusion weakness affects V8 in Google Chrome before 128.0.6613.84 and allows a remote attacker to exploit heap corruption via a crafted HTML page. Type confusion occurs when a program treats a piece of data as a different type than it actually is, which often leads to mistakes or security problems. Heap corruption involves taking advantage of problems in a computer’s memory to cause errors or gain control of a system.

What are the recommendations?

Barracuda MSP recommends taking the following actions:

  • Update to the latest version of Google Chrome.
  • Ensure that all antivirus (AV) and endpoint detection and response (EDR) platforms are running correctly in the background.

Reference

For more in-depth information about the recommendations, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Spartak Myrto

Spartak is a Cybersecurity Analyst at Barracuda MSP. He supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
