CVE-2024-7965 – This vulnerability in Chrome's V8 JavaScript en... (How to Fix)

Q: What is the severity of CVE-2024-7965?

CVE-2024-7965 has a CVSS score of 8.8 (HIGH). This vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption through malicious HTML pages. Successful exploitation could lead to arbitrary code execution or browser crashes. All users running vulnerable Chrome versions are affected.

📋 TL;DR

This vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption through malicious HTML pages. Successful exploitation could lead to arbitrary code execution or browser crashes. All users running vulnerable Chrome versions are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: Versions prior to 128.0.6613.84

Operating Systems: Windows, macOS, Linux, Android, iOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome configurations are vulnerable. Chromium-based browsers like Edge, Brave, etc. may also be affected if using vulnerable V8 versions.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Edge Chromium by Microsoft

View all CVEs affecting Edge Chromium →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if combined with other vulnerabilities.

🟠

Likely Case

Browser crash (denial of service) or limited memory corruption leading to information disclosure.

🟢

If Mitigated

No impact if Chrome is updated to patched version or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH - Attackers can exploit via malicious websites or ads without user interaction beyond visiting a page.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

CISA has added this to their Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 128.0.6613.84 and later

Vendor Advisory: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript execution in Chrome to block exploitation vectors

chrome://settings/content/javascript → Block

Use Site Isolation

all

Ensure site isolation is enabled to limit impact of memory corruption

chrome://flags/#site-isolation-trial-opt-out → Disabled

🧯 If You Can't Patch

Use alternative browsers until Chrome can be updated
Implement web filtering to block known malicious sites and ads

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: chrome://version and compare to 128.0.6613.84

Check Version:

chrome://version

Verify Fix Applied:

Confirm Chrome version is 128.0.6613.84 or higher

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports with V8-related errors
Unexpected Chrome process termination

Network Indicators:

Requests to known exploit domains
Suspicious JavaScript execution patterns

SIEM Query:

source="chrome" AND (event="crash" OR error="V8")

📊 Metadata

CVE ID: CVE-2024-7965

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: August 21, 2024

Last Updated: October 24, 2025

🔗 References

https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html Release Notes
https://issues.chromium.org/issues/356196918 Permissions Required
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7965 US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7965, you might also want to check these: