CVE-2024-7971
Lookout Coverage and Recommendation for Admins
To ensure your devices are protected, Lookout admins should take the following steps in their Lookout console:
- Enable the Application Vulnerability policy, which will detect when a vulnerable app version is on the device. Since there are known exploits, we suggest you set the severity to high and block user access to work data until they update the app.
- Lookout will publish the coverage on September 5th, 2024, after which alerts will be generated based on the admin's risk, response and escalation setup. Any device with a vulnerable version of Chrome (below the reported fixed version of 128.0.6613.88) will receive an alert if detected after that date.
- Enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device.
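For admins who also want to check an exported app inventory against the fixed version named above, the following is an added example, not Lookout's code or detection logic. It assumes a CSV export with `device_id`, `package` and `version` columns and the Android package name `com.android.chrome`; the sample rows are constructed. Versions are compared as numeric tuples because a plain string comparison would rank 128.0.6613.9 above 128.0.6613.88.

```python
import csv
import io

FIXED = (128, 0, 6613, 88)                 # fixed Chrome version stated on this page
CHROME_PACKAGES = {"com.android.chrome"}   # assumption: Chrome stable on Android

# Constructed sample inventory (not real data); column names are assumptions.
SAMPLE_INVENTORY = """device_id,package,version
pixel-001,com.android.chrome,128.0.6613.88
pixel-002,com.android.chrome,127.0.6533.103
galaxy-003,com.android.chrome,128.0.6613.9
galaxy-004,com.android.chrome,129.0.6668.54
galaxy-005,com.android.chrome,unknown
pixel-006,org.example.browser,1.2.3
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """'vulnerable' below FIXED, 'patched' at or above it, 'unknown' if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"   # treat as needing follow-up, not as safe
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory_csv):
    """Map device_id -> status for every Chrome row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["package"] in CHROME_PACKAGES:
            results[row["device_id"]] = classify(row["version"])
    return results


if __name__ == "__main__":
    for device, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{device}: {status}")
```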
Overview
Researchers at Microsoft recently discovered and reported a new vulnerability in Google’s Chrome browser, which Google has acknowledged and released a patch for. Tracked as CVE-2024-7971, this vulnerability exists in the V8 JavaScript and WebAssembly engine in Chrome. Researchers acknowledged that they are aware of an exploit for this vulnerability that exists in the wild, though they did not describe the nature of the known exploit.
NIST has given this vulnerability a base score of 8.8/10, which is very high because there is a known exploit that attackers could leverage against vulnerable users. In addition, CISA has assigned a required date of September 16th, 2024 for government agencies to ensure their devices are up to date.
Lookout Analysis
CVE-2024-7971 has been described as a type confusion bug in the underlying JavaScript and WebAssembly engine. When type confusions occur in the underlying engines, they are typically the result of code performing its expected operations on an object that is not of the class expected by the code. This confusion can be manipulated and is exploitable by threat actors.
Vulnerabilities like this can have an outsized impact on mobile fleets. Since Chrome is by far the most widely used mobile web browser, with roughly 65% market share, it’s extremely unlikely that an enterprise organization has no users at risk. Successfully exploiting vulnerabilities like this often grants the attacker access to the same permissions that Chrome has. It’s also important to note that this is the tenth zero-day that has been discovered in Chrome this year, which demonstrates the importance of keeping apps up to date.
Authors
Lookout Mobile Endpoint Security