Google has released an urgent update for its popular Chrome web browser. The update fixes a critical zero-day vulnerability that malicious attackers are actively exploiting.
The vulnerability is considered to be high-risk, and if left unpatched, attackers can gain unauthorized access to sensitive information on affected systems.
There is a vulnerability in Chrome’s Visuals component that is being tracked as CVE-2024-4671. The flaw is related to the use-after-free issue and can potentially lead to remote code execution.
Google has launched the Chrome 124.0.6367.201/.202 update for users of Windows, Mac, and Linux desktops.
This new version includes a crucial fix for a zero-day vulnerability, and Google has advised all Chrome users to upgrade to the latest version immediately to minimize the risk of a possible attack.
Details about the attacks exploiting CVE-2024-4671 are currently limited. Google has restricted access to bug details until most users have updated with the fix. An anonymous security researcher reported the vulnerability to Google.
This marks the sixth Chrome zero-day patched by Google so far in 2024. In April, Google fixed two other zero-day vulnerabilities, CVE-2024-2887 and CVE-2024-2886, that were exploited at the Pwn2Own Vancouver 2024 hacking competition.
CVE-2024-2887 was a type of confusion weakness in WebAssembly used as part of a remote code execution exploit, while CVE-2024-2886 was a use-after-free flaw in the WebCodecs API that allowed arbitrary read/write access.
Earlier in the year, Google patched CVE-2024-0519, an actively exploited zero-day that allowed attackers to access sensitive information or crash unpatched browsers due to an out-of-bounds memory access weakness in the V8 JavaScript engine.
The discovery of yet another actively exploited Chrome zero-day underscores the ongoing security risks posed by web browsers. Attackers are increasingly targeting flaws in browser components and APIs to compromise user systems.
Chrome users should promptly apply the latest update and remain vigilant for any signs of compromise.
Source: https://bit.ly/3uS5LZ2