Google has released emergency security update for its Chrome browser to address a critical vulnerability already being exploited by threat actors.
The vulnerability tracked as CVE-2024-4671, is a “use after free” bug located within the browser’s “Visuals” component. This type of vulnerability refers to incorrect usage of dynamic memory during program operation. If an application fails to clear the pointer to the memory after freeing a memory location, an attacker can exploit this oversight to execute arbitrary code on the system. This can lead to unauthorized data access, data manipulation, or even control over the affected system.
The vulnerability was discovered by an anonymous researcher who reported it to Google. The company swiftly acknowledged the threat, stating, “Google is aware that an exploit for CVE-2024-4671 exists in the wild.” Within just two days of being notified, Google developed and released updates to secure users against this vulnerability.
The emergency updates have been issued for users on the Stable Desktop channel of Chrome, offering versions 124.0.6367.201 and 124.0.6367.202 for Mac and Windows, and version 124.0.6367.201 for Linux. These updates are designed to patch the vulnerability and prevent potential exploits from succeeding.
