Chrome Zero-Day Alert: Patch a New Vulnerability in Your Browser by Updating It Now
Chrome Zero-Day Alert: Patch a New Vulnerability in Your Browser by Updating It Now
Google issued security updates on Thursday to patch a zero-day vulnerability in Chrome, which the company claims has been actively exploited in the open.
The high-severity vulnerability, identified as CVE-2024-4671, has been characterized as a utilization-after-free situation within the Visuals component. It was reported on May 7, 2024, by an anonymous researcher.
Instances of use-after-free defects occur when a program makes a reference to a memory location subsequent to its deallocation. Such errors can result in a variety of undesirable outcomes, including program termination and arbitrary code execution.
In a succinct advisory, Google acknowledged the existence of an exploit for CVE-2024-4671 in the field. The company refrained from disclosing further details regarding the manner in which the vulnerability is being exploited to launch actual attacks or the identity of the malicious actors responsible for such attacks.
Since the beginning of the year, Google has patched two actively exploited zero-day vulnerabilities in Chrome with the most recent development.
The technology major patched an out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could lead to a crash in early January.
In March, Google also responded to three additional zero-day vulnerabilities that were exposed during the Pwn2Own hacking competition in Vancouver.
| CVE-2024-2886 | Use-after-free in WebCodecs |
| CVE-2024-2887 | Type confusion in WebAssembly |
| CVE-2024-3159 | Out-of-bounds memory access in V8 |
It is advisable that users update to the latest versions of Chrome (124.0.6367.201/.202 for Windows and macOS, and 124.0.6367.201 for Linux) in order to proactively address potential security risks.
It is also recommended that users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, update to the latest available solutions.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE
Google To Use Gemini AI to Tackle Advanced Cyber Threats
Know What Dell Notified Its Customers Via Email About A Cyberattack On Its Servers
A Panchkula Resident was Defrauded Out of ₹1.88 Crore by Cybercriminals
About Author
English