CVE-2024-7965 Overview
CVE-2024-7965 is a high-severity vulnerability in the V8 JavaScript engine used by Google Chrome and Chromium-based browsers. The flaw stems from an inappropriate implementation in V8 that allows a remote attacker to trigger heap corruption through a crafted HTML page. CISA has added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. Affected versions include Google Chrome prior to 128.0.6613.84 and downstream Chromium browsers such as Microsoft Edge. The vulnerability is tracked under [CWE-787] (Out-of-bounds Write) and [CWE-358] (Improperly Implemented Security Check for Standard).
Critical Impact
Remote attackers can achieve heap corruption and potential code execution in the browser renderer process by luring a user to a malicious web page.
Affected Products
- Google Chrome versions prior to 128.0.6613.84
- Microsoft Edge (Chromium-based) builds incorporating the vulnerable V8 engine
- Other Chromium-derived browsers shipping V8 before the fix
Discovery Timeline
- 2024-08-21 - CVE-2024-7965 published to NVD following Chrome Stable channel update
- 2024-08-21 - Google released Chrome 128.0.6613.84 containing the fix
- 2025-10-24 - Last updated in NVD database
Technical Details for CVE-2024-7965
Vulnerability Analysis
The vulnerability resides in V8, the JavaScript and WebAssembly engine that powers Chrome and other Chromium-based browsers. V8 performs aggressive just-in-time (JIT) compilation and optimization of JavaScript code to deliver high performance. CVE-2024-7965 results from an inappropriate implementation within V8 that leads to heap corruption when processing specifically crafted JavaScript embedded in an HTML page.
Heap corruption in V8 typically grants an attacker primitives to read and write arbitrary memory inside the renderer process. Attackers chain such flaws with a sandbox escape to achieve full code execution on the host. The vulnerability has been observed in real-world attacks, leading to its inclusion in the CISA KEV catalog.
Root Cause
The root cause is classified under [CWE-787] Out-of-bounds Write and [CWE-358] Improperly Implemented Security Check for Standard. The V8 optimizer makes assumptions about object state or type information that an attacker can violate through crafted JavaScript. When these assumptions break, V8 writes outside the bounds of an allocated heap object, corrupting adjacent metadata or object pointers.
Attack Vector
Exploitation requires a user to visit a malicious or compromised web page. The attacker delivers JavaScript that manipulates V8 internal state to trigger the out-of-bounds write. No authentication is required, and the attack can be launched purely over the network. Successful exploitation produces a controllable read/write primitive inside the renderer sandbox, which adversaries combine with a separate sandbox escape to compromise the underlying operating system.
No verified public proof-of-concept code is available for this issue. Technical details are tracked in the Chromium Issue Tracker Entry, which remains restricted under Google's standard disclosure embargo.
Detection Methods for CVE-2024-7965
Indicators of Compromise
- Renderer process crashes (chrome.exe, msedge.exe) with access violation signatures shortly after visiting an external URL
- Unexpected child processes spawned from the browser renderer, indicating possible sandbox escape
- Outbound network connections from browser processes to attacker-controlled infrastructure following page load
- Browser binaries running at versions prior to 128.0.6613.84 in enterprise telemetry
Detection Strategies
- Inventory installed browser versions across endpoints and flag any Chrome build earlier than 128.0.6613.84
- Monitor endpoint telemetry for renderer process crashes correlated with web traffic to uncategorized domains
- Apply behavioral identification rules for browser processes writing executable content or launching shells
- Correlate web proxy logs with endpoint crash events to identify potential exploitation attempts
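The version inventory check from the first strategy above, as an added example that is not part of the original advisory. It assumes an inventory export with `host`, `product` and `version` columns (a hypothetical layout). Only Chrome is compared against 128.0.6613.84, because Edge and other Chromium browsers use their own version numbers, which this page does not list.

```python
import csv
import io

FIXED_CHROME = (128, 0, 6613, 84)  # first fixed Chrome build named on this page

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,Google Chrome,128.0.6613.84
ws-002,Google Chrome,127.0.6533.120
ws-003,Google Chrome,99.0.4844.51
ws-004,Microsoft Edge,127.0.2651.105
ws-005,Google Chrome,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(product, version_text):
    """Classify one inventory row as patched, vulnerable, or needing review."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable version: do not assume it is safe
    if product.strip().lower() != "google chrome":
        return "review"  # other Chromium browsers use their own numbering
    # Tuple comparison is numeric per component, so 99.x sorts below 128.x;
    # a plain string comparison would rank "99..." above "128...".
    return "patched" if version >= FIXED_CHROME else "vulnerable"


def audit(inventory_csv):
    """Return {host: status} for every row in the inventory CSV."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["version"]) for row in reader}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```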
Monitoring Recommendations
- Forward browser crash reports and process telemetry into a centralized data lake for retroactive hunting
- Track CISA KEV catalog updates and prioritize alerting on associated CVEs across the fleet
- Alert on browser child process creation chains that deviate from baseline (for example, chrome.exe spawning cmd.exe or powershell.exe)
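One way to implement the child-process alert above, as an added example that is not from the original advisory. The events are constructed, their field names follow Sysmon Event ID 1 (process creation), and the baseline of expected children is an assumption to tune against your own telemetry.

```python
import json
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe"}
# Assumed baseline of expected browser children; tune to your fleet's telemetry.
BASELINE_CHILDREN = {"chrome.exe", "msedge.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed process-creation events; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = r"""
{"Computer":"ws-002","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","ParentCommandLine":"chrome.exe","Image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"Computer":"ws-002","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","ParentCommandLine":"chrome.exe --type=renderer","Image":"C:\\Windows\\System32\\cmd.exe"}
{"Computer":"ws-004","ParentImage":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe","ParentCommandLine":"msedge.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"Computer":"ws-001","ParentImage":"C:\\Windows\\explorer.exe","ParentCommandLine":"explorer.exe","Image":"C:\\Windows\\System32\\cmd.exe"}
{"Computer":"ws-003","ParentImage":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","ParentCommandLine":"chrome.exe","Image":"C:\\Windows\\System32\\notepad.exe"}
"""


def image_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def triage(event):
    """Return None for baseline activity, otherwise 'high' or 'medium'."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    if parent not in BROWSERS or child in BASELINE_CHILDREN:
        return None
    # A shell, or any off-baseline child of a sandboxed renderer
    # (--type=renderer), matches the sandbox-escape indicator listed above.
    from_renderer = "--type=renderer" in event.get("ParentCommandLine", "")
    return "high" if child in SHELLS or from_renderer else "medium"


def hunt(jsonl):
    """Return (host, child image, severity) for each off-baseline event."""
    alerts = []
    for line in filter(str.strip, jsonl.splitlines()):
        event = json.loads(line)
        severity = triage(event)
        if severity:
            alerts.append((event["Computer"], image_name(event["Image"]), severity))
    return alerts


if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```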
How to Mitigate CVE-2024-7965
Immediate Actions Required
- Update Google Chrome to version 128.0.6613.84 or later on all managed endpoints
- Update Microsoft Edge and other Chromium-based browsers to builds that incorporate the patched V8 engine
- Audit the environment for outdated browser installations using endpoint inventory tooling
- Treat this CVE as priority remediation given its CISA KEV listing and confirmed in-the-wild exploitation
Patch Information
Google released the fix in the Chrome Stable channel update on August 21, 2024. Details are available in the Google Chrome Stable Update advisory. Microsoft Edge and other Chromium downstream vendors shipped corresponding updates shortly after. Confirm patch status through the CISA Known Exploited Vulnerabilities catalog entry.
Workarounds
- Enforce browser auto-update policies through enterprise management (Group Policy, Intune, Jamf) to ensure rapid patch adoption
- Restrict browsing to trusted categories using web filtering for users who cannot immediately update
- Disable JavaScript on untrusted sites via browser policy where operationally feasible
- Enable site isolation and ensure the renderer sandbox is not weakened by custom command-line flags
```
# Verify installed Chrome version on Windows
reg query "HKLM\Software\Google\Update\Clients\{8A69D345-D564-463C-AFF1-A69D9E530F96}" /v pv
# Verify installed Chrome version on Linux
google-chrome --version
# Allow updates via Google Update policy (Windows registry); UpdateDefault=1 means "always allow updates"
reg add "HKLM\Software\Policies\Google\Update" /v UpdateDefault /t REG_DWORD /d 1 /f
```


