Chrome Zero-Day Warning – Update your browser to address the new vulnerability

May 10, 2024NewsroomBrowser Security/Vulnerability

Google released security updates on Thursday to fix a zero-day flaw in Chrome that was reportedly being actively exploited.

Tracked as CVE-2024-4671The high-severity vulnerability was described as a case of use-after-free in the Visuals component. This was reported on May 7, 2024 by an anonymous researcher.

Use-after-free bugs, which occur when a program references a memory location after it has been freed, can lead to a variety of consequences, ranging from a crash to arbitrary code execution.

“Google is aware that an exploit for CVE-2024-4671 is circulating,” the company said in a terse statement, without revealing further details about how the vulnerability is being weaponized in real-world attacks or the identity of those behind it threat actors facing them.

With the latest development, Google has addressed two actively exploited zero-days in Chrome since the beginning of the year.

In early January this year, the tech giant fixed an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could lead to a crash.

Users are recommended to update to Chrome version 124.0.6367.201/.202 for Windows and macOS and to version 124.0.6367.201 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as soon as they become available.