The vulnerability CVE-2024-4671 has been patched in the latest version.
Google has urgently released another security update for its Chrome browser. The reason was the discovery of a critical vulnerability with active exploitation in real attacks.
The vulnerability has received the identifier CVE-2024-4671 and is classified as a use-after-free memory bug in the component responsible for visualizing web content. This dangerous vulnerability allows attackers to execute arbitrary code in the browser context and completely compromise the system.
The vulnerability was reported to Google by an anonymous cybersecurity expert on May 7, 2024. Users are urgently advised to update Chrome to version 124.0.6367.201/.202 for Windows and macOS and to version 124.0.6367.201 for Linux.
A high-risk vulnerability, tracked as CVE-2024-4671 , has been described as a post-release use case in the Visuals component. This was reported by an anonymous researcher on May 7, 2024.
Use-after-free errors, which occur when a program references a memory location after it has been freed, can lead to any number of consequences, from crashing to executing arbitrary code.
Google confirmed the existence of an exploit for this vulnerability, but did not disclose details of its use in the attacks or information about the attackers.
Since the beginning of the year, the company has already fixed two actively exploited vulnerabilities in Chrome.
In January, an off-array access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could expose sensitive information was patched.
In March, during the Pwn2Own competition in Vancouver, three more vulnerabilities were discovered:
CVE-2024-2886, a post-release exploit bug in WebCodecs,
CVE-2024-2887 - type confusion in WebAssembly,
CVE-2024-3159 - off-array access in V8.
Owners of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to install the updates as they become available.