CVE-2024-4761: Zero-Day Vulnerability Patched in Google Chrome

Google has swiftly moved to address a high-severity zero-day vulnerability in its Chrome browser that was actively exploited in the wild. The vulnerability, identified as CVE-2024-4761, is an “Out of bounds write” flaw found in V8, Chrome’s JavaScript engine. This critical security issue was discovered and reported by an anonymous researcher, highlighting the ongoing threats faced by modern browsers.

Details of the Vulnerability

The CVE-2024-4761 vulnerability is classified as an “Out of bounds write” issue, which occurs when the program writes data outside the boundaries of pre-allocated memory. This type of vulnerability can lead to several severe consequences, including arbitrary code execution, data corruption, and system crashes. In the context of a web browser, it poses a significant risk as it could allow attackers to execute malicious code remotely, potentially compromising the user’s system.

Active Exploitation in the Wild

In its advisory, Google acknowledged the active exploitation of this vulnerability but withheld specific details about the attacks to protect users. “Google is aware that an exploit for CVE-2024-4761 exists in the wild,” the advisory stated. The lack of detailed information on the exploit emphasizes the urgency for users to update their browsers to mitigate potential risks.

Security Update Rollout

To address this critical issue, Google has released security updates for Chrome. The updates are available as version 124.0.6367.207/.208 for Mac and Windows, and version 124.0.6367.207 for Linux. These updates will be rolled out over the coming days and weeks, ensuring all users receive the necessary protection.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available. These browsers share the same underlying code as Chrome, making them susceptible to the same vulnerabilities.