Google released security updates on Thursday to address a zero-day vulnerability in Chrome that has been actively exploited in the wild.
The high-severity vulnerability, tracked as CVE-2024-4671, is a use-after-free bug in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.
Use-after-free bugs occur when a program references a memory location after it has been deallocated, which can lead to consequences ranging from crashes to arbitrary code execution.
“Google is aware of an exploit for CVE-2024-4671 in the wild,” the company stated in an advisory without disclosing specific details about the exploitation or threat actors.
Google has now addressed two actively exploited zero-day vulnerabilities in Chrome in 2024.
Previously, in January, Google fixed an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could cause crashes.
Additionally, Google addressed three other zero-day vulnerabilities disclosed during the Pwn2Own hacking contest in Vancouver in March.
Users are advised to upgrade to Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux, to protect against potential threats.
Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they are available.