Google Rushes to Patch Chrome Zero-Day Exploit: CVE-2024-4671
Google has rushed out an emergency security update for its Chrome browser to address a critical vulnerability already being exploited by threat actors. The flaw, designated CVE-2024-4671, is a “use after free” bug located within the browser’s “Visuals” component.
CVE-2024-4671 is categorized as a “use after free” vulnerability within the Visuals component of the Chrome browser. This type of vulnerability is an error in how a program handles dynamic memory: if an application frees a memory location but fails to clear the pointer to it, later code can still use that dangling pointer, and an attacker can exploit this oversight to execute arbitrary code on the system. This can lead to unauthorized data access, data manipulation, or even control over the affected system.
The vulnerability was discovered by an anonymous researcher who reported it to Google. The company swiftly acknowledged the threat, stating, “Google is aware that an exploit for CVE-2024-4671 exists in the wild.” Within just two days of being notified, Google developed and released updates to secure users against this vulnerability.
The emergency updates have been issued for users on the Stable Desktop channel of Chrome, offering versions 124.0.6367.201 and 124.0.6367.202 for Mac and Windows, and version 124.0.6367.201 for Linux. These updates are designed to patch the vulnerability and prevent potential exploits from succeeding.
Chrome will often update automatically, but you can force a manual update:
- Click the three dots in the top-right corner of Chrome.
- Go to Help > About Google Chrome.
- Chrome will check for and install available updates.
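For more than a handful of machines, the same check can be run over an inventory export. The script below is an added example, not from Google or the original article: it flags any reported Chrome version lower than 124.0.6367.201, the lowest patched Stable Desktop build listed above. The `host,platform,version` line format and the host names are constructed for illustration, and newer builds are assumed to carry the fix.

```python
import re

# Lowest patched Stable Desktop build named in the article (same for all platforms).
# Assumption: any higher version number is a later release that includes the fix.
PATCHED = (124, 0, 6367, 201)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'needs_update', or 'unknown' if no version is found."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuples compare numerically per field, so 6367.99 sorts below 6367.201
    # (a plain string comparison would get this wrong).
    return "patched" if v >= PATCHED else "needs_update"


def audit(inventory_lines):
    """Map each 'host,platform,version' line to (host, platform, status)."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [f.strip() for f in line.split(",", 2)]
        parts += [""] * (3 - len(parts))  # short lines end up as 'unknown'
        host, platform, version_text = parts
        results.append((host, platform, classify(version_text)))
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "# host,platform,reported version",
    "ws-001,windows,Version 124.0.6367.202 (Official Build) (64-bit)",
    "ws-002,windows,124.0.6367.155",
    "mac-01,mac,Google Chrome 124.0.6367.201",
    "lnx-07,linux,Google Chrome 124.0.6367.99",
    "lnx-09,linux,not installed",
]

if __name__ == "__main__":
    for host, platform, status in audit(SAMPLE):
        print(f"{host:8} {platform:8} {status}")
```

Hosts reported as `unknown` need a manual look rather than being counted as patched.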