Update Your Favourite Browser Now, Google addresses another Chrome zero-day exploit.
Google addresses another Chrome zero-day exploit used in attacks this year.
Google has launched a security update for the Chrome browser, addressing the fifth zero-day vulnerability discovered in the wild since the beginning of the year. The high-severity bug, identified as CVE-2024-4671, is a “user after free” vulnerability in the Visuals component, which controls content rendering and presentation in the browser. CVE-2024-671 was found and submitted to Google by an anonymous researcher, and the corporation stated that it is most likely actively exploited.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” reads the advisory without providing additional information.
Use-after-free flaws are security flaws that occur when a program continues to use a pointer after the memory it points to has been freed, following the completion of its legitimate operations in that region.
Because the freed memory could now contain other data or be used by other applications or components, accessing it could cause data leakage, code execution, or a crash.
Google resolved the issue with the release of 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux, with updates to follow in the next few days/weeks.
For users of the ‘Extended Stable’ channel, fixes will be made available in version 124.0.6367.201 for Mac and Windows, also to roll out later.
Chrome updates automatically when a security update is available, but users can confirm they’re running the latest version by going to Settings > About Chrome, letting the update finish, and then clicking on the ‘Relaunch’ button to apply it.
This latest flaw addressed in Google Chrome is the fifth this year, with three others discovered during the March 2024 Pwn2Own hacking contest in Vancouver.