Google is distributing a patch to address a critical security flaw in its Chrome browser, which Google says is actively being exploited in the wild

The flaw (tracked as CVE-2024-7971) is a disruptive bug in the V8 JavaScript and WebAssembly engine (h/t to The Hacker News) Google acknowledged the flaw in a blog post, stating that the company is “aware that there is a CVE-2024-7971 exploit out there in the wild”

According to the National Vulnerability Database, the disruption bug “allows remote attackers to exploit the heap corruption via a crafted HTML page” For those unaware, a heap corruption is a memory exploit; according to BlackBerry, heap corruption can be benign, but it can also cause a fatal memory fault that prevents the system from allowing the associated process to run

Google's blog gives credit to the Microsoft Threat Intelligence Center and the Microsoft Security Response Center for discovering and reporting the flaw on August 19 [As of this writing, Google has not released details about the nature of the attack or who is exploiting the flaw; according to Hacker News, this is the third type of disruption page that Google has patched this year

To apply Google's patch, Windows and macOS users will need to upgrade their Chrome version to 1280661384/85; Linux users will need to update to version 1280661384 Again, this fix will be rolled out gradually and may not be immediately available to all Chrome users Please check back often if you do not see the new version yet

Other Chromium-based browsers such as Brave, Microsoft Edge, Opera, and Vivaldi may also be affected