Google has released a security update for the Chrome browser to fix a zero-day vulnerability exploit that has been used by threat actors. This is the fifth time this year the company has had to issue a patch for one of these vulnerabilities, as reported by Bleeping Computer.
"Google is aware that an exploit for CVE-2024-4671 exists in the wild," the company said in a short advisory. It did not issue any specifics as to the nature of the real-world attack or the identity of the threat actors. This is common for Google, as it likes to wait until a majority of users have updated the software before announcing specific details.
We do know some stuff about the exploit. It's being classified as a "high-severity issue" and as a "user after free" vulnerability. These bugs arise when a program references a memory location after it has been deallocated, leading to any number of serious consequences from a crash to a random execution of code. It looks like the CVE-2024-4671 vulnerability is attached to the visuals component that handles rendering and the display of content on the browser.
The exploit was discovered and reported to Google by an anonymous researcher. The fix is available for Mac, Windows and Linux and updates will continue to roll out to users over the coming days and weeks. Chrome updates automatically with security fixes, so users can confirm they are running the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera and Vivaldi should also update to a new version as soon as they are available
|
