Chrome Zero-Day

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild.

Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.

Use-after-free bugs, which arise when a program references a memory location after it has been deallocated, can lead to any number of consequences, ranging from a crash to arbitrary code execution.

"Google is aware that an exploit for CVE-2024-4671 exists in the wild," the company said in a terse advisory without revealing additional specifics of how the flaw is being weaponized in real-world attacks or the identity of the threat actors behind them.

Cybersecurity

With the latest development, Google has addressed two actively exploited zero-days in Chrome since the start of the year.

Earlier this January, the tech giant patched an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could result in a crash.

Google also addressed three other zero-days that were disclosed during the Pwn2Own hacking contest in Vancouver in March -

Users are recommended to upgrade to Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.