Skip to Main Content

Update Chrome Now to Protect Yourself From This Zero-Day Exploit

Google fixed 38 security vulnerabilities in its latest Chrome update, one of which is particularly important to address.
Chrome logo on a laptop
Credit: monticello/Shutterstock

If you use Google Chrome or a Chromium-based web browser, you need to update it ASAP.

Google's latest update for Chrome, version 128.0.6613.84/.85 (Windows/Mac) and 128.0.6613.84 (Linux), comes with patches for 38 security vulnerabilities, eight of which Google identifies as "High" severity. Google detailed all these patches in its latest Chrome Releases blog post, running through each vulnerability's type, severity, reward (the money rewarded to the researcher who discovered it), and noting who reported the flaw.

While it's important to fix all these vulnerabilities, one of them is more important than others: The vulnerability, a zero-day, is tracked as CVE-2024-7971, and is a type confusion flaw affecting Chrome's V8 JavaScript engine. Type confusion occurs when a program processes an object without checking its type first: If that type is incompatible or incorrect, it can create a vulnerability that bad actors can exploit.

That's the case with CVE-2024-7971: Google confirmed in its blog post that the company is aware an exploit for this vulnerability exists in the wild, which means someone, somewhere knows how to use it. Worse yet, this vulnerability doesn't require an attacker to have physical access to your browser, as a remote hacker was able to exploit it. The chances may be low that a hacker would both know about this exploit and have their eyes set on your Chrome browser, but the odds aren't zero. Why take the risk?

According to The Hacker News, this is the ninth zero-day vulnerability Google has addressed this year, and the third type confusion issue affecting its V8 JavaScript engine. Interestingly, it was Microsoft Security Response Center who reported the bug, earning $11,000 in the process.

While the other 37 vulnerabilities aren't zero-days, and thus have no known active exploits at this time, they're still important to patch immediately. Now that these flaws are out in the open, it's only a matter of time before bad actors figure out how to exploit them, too. If you browser isn't updated, you're left vulnerable to any of these potential exploits.

Update to protect your browser from this vulnerability

As noted above, this bug doesn't just affect Chrome, but all browsers built on the open-source platform Chromium. That includes Chrome, of course, but also Microsoft Edge, Opera, Brave, and Vivaldi. If you use any of these browsers, you should update as soon as possible.

To update Chrome, tap on the three dots in the top-right corner of your window, then go to Help > About Google Chrome. Let Chrome look for a new update. If one is available, you can click Relaunch to allow the browser to install the patch.

artist rendition of Jake Peterson
Jake Peterson
Senior Technology Editor

Jake Peterson is Lifehacker’s Senior Technology Editor. He has a BFA in Film & TV from NYU, where he specialized in writing. Jake has been helping people with their technology professionally since 2016, beginning as technical specialist at New York’s 5th Avenue Apple Store, then as a writer for the website Gadget Hacks. In that time, he wrote and edited thousands of news and how-to articles about iPhones and Androids, including reporting on live demos from product launches from Samsung and Google. In 2021, he moved to Lifehacker and covers everything from the best uses of AI in your daily life to which MacBook to buy. His team covers all things tech, including smartphones, computers, game consoles, and subscriptions. He lives in Connecticut.

Read Jake's full bio