CVE-2024-7971: 
vulnerability analysis and mitigation

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. The vulnerability, identified as CVE-2024-7971, was discovered on August 19, 2024, by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC). This high-severity vulnerability affects Chromium-based browsers, including Google Chrome and Microsoft Edge (Chrome Release, NVD).

CVE-2024-7971 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. The vulnerability allows remote code execution (RCE) in the sandboxed Chromium renderer process. It received a CVSS v3.1 base score of 9.6 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). This is the third exploited V8 type confusion vulnerability patched in V8 this year, following CVE-2024-4947 and CVE-2024-5274 (Microsoft Security).

The vulnerability enables remote attackers to achieve remote code execution through heap corruption when users visit specially crafted HTML pages. When successfully exploited, it allows attackers to escape the browser sandbox and potentially gain full control of the affected system. The vulnerability has been actively exploited in the wild, particularly targeting organizations in the cryptocurrency sector (CISA KEV).

Google released a fix in Chrome version 128.0.6613.84, and Microsoft Edge was updated to version 128.0.2739.42 to address the vulnerability. Users are strongly advised to update their browsers immediately. Additionally, organizations should implement Microsoft's recommended mitigations, including enabling tamper protection in Microsoft Defender for Endpoint, running EDR in block mode, and ensuring systems are updated with the latest security patches (Chrome Release).

Microsoft has directly notified targeted or compromised customers, providing them with important information to secure their environments. The United States government has assessed that North Korean actors like Citrine Sleet will likely continue targeting vulnerabilities of cryptocurrency technology firms to generate and launder funds to support the North Korean regime (Microsoft Security).