Google has recently released an important security update for its Chrome browser, targeting the fifth zero-day vulnerability identified and exploited since the beginning of the year. This particular vulnerability, designated as CVE-2024-4671, is classified as a high-severity “use after free” issue within the Visuals component of Chrome, which is responsible for the rendering and display of content. It was brought to Google’s attention by an anonymous researcher, and the company has acknowledged that it is likely being actively exploited in the wild.
The vulnerability could have severe implications: a “use after free” error occurs when a program keeps accessing memory that was previously allocated and then freed, which can lead to unauthorized code execution, data leakage, or crashes. Such vulnerabilities are particularly dangerous because they exploit the way software handles memory, potentially allowing attackers to make the program access freed memory that might contain malicious data or commands.
In response to the discovery of CVE-2024-4671, Google has updated Chrome to version 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux. The updates are being distributed over the coming days and weeks. Users on the Extended Stable channel will receive the fix in version 124.0.6367.201 for both Mac and Windows, which is also scheduled to roll out soon.
Google encourages users to ensure that their browser is updated to the latest version by navigating to Settings > About Chrome. Here, users can confirm their current version and allow any pending updates to complete. After updating, a ‘Relaunch’ button must be clicked to apply the update and secure the browser against this vulnerability, as well as any others that may have been patched in the update. Chrome generally updates automatically, but manual confirmation can help ensure that the security patches are applied as soon as possible.
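For administrators who need to confirm the fix across many machines rather than one browser at a time, the following added example (not code from Google or from this article) checks an inventory of reported Chrome versions against the fixed builds named above. The inventory format, hostnames and sample versions are constructed assumptions.

```python
import re

# Fixed builds as stated in the article (Stable and Extended Stable).
PATCHED = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    minimum = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # never assume a host is safe when data is missing
    # Tuple comparison is numeric per component; string comparison would
    # wrongly rank "124.0.6367.91" above "124.0.6367.201".
    return "patched" if version >= minimum else "vulnerable"


def audit(rows):
    """Return (host, platform, version_text, status) for rows needing follow-up."""
    checked = [(h, p, v, classify(p, v)) for h, p, v in rows]
    return [row for row in checked if row[3] != "patched"]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 124.0.6367.202"),
    ("ws-002", "Windows", "Google Chrome 124.0.6367.91"),
    ("mb-003", "Mac", "124.0.6367.201"),
    ("lx-004", "Linux", "Google Chrome 124.0.6367.155 "),
    ("lx-005", "Linux", "Chromium (version not reported)"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-8s %-8s %-40s %s" % row)
```

A version reported from disk does not prove the running browser was relaunched, so hosts that pass this check may still need the ‘Relaunch’ step described above.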