HomeCyber BalkansGoogle Chrome zero-day vulnerability exploited in the wild

Google Chrome zero-day vulnerability exploited in the wild

Published on

spot_img

Google has recently issued a critical security update for its Chrome web browser in response to attackers exploiting a high-severity vulnerability. The update, which brings Chrome to version 124.0.6367.201, is available for Windows, Mac, and Linux users on the Stable release channel.

The vulnerability, known as CVE-2024-4671, is categorized as a “use after free” flaw in the browser’s Visuals component. This flaw could potentially allow an attacker to execute arbitrary code on a victim’s system. If successfully exploited, the attacker would gain the same privileges as the logged-in user, potentially leading to actions such as installing malware, stealing data, or creating new user accounts with full access.

According to the MS-ISAC advisory, the vulnerability has been observed being actively exploited, posing a significant risk to systems that have not been patched. Google has acknowledged the existence of an exploit for CVE-2024-4671 but has not provided detailed information to allow users time to apply the update.

The 124.0.6367.201 update is now accessible to users on the Stable channel, which is the primary release branch recommended for most users after thorough testing. Additionally, the Extended Stable channel, which receives updates on a slower 8-week cycle, has also been updated to version 124.0.6367.201.

The credit for reporting the CVE-2024-4671 vulnerability goes to an anonymous researcher. This particular release does not include any additional security fixes. Notably, this marks Google’s sixth Chrome zero-day patch in 2024.

In previous instances, Google addressed two other zero-day vulnerabilities, CVE-2024-2887 and CVE-2024-2886, which were exploited during the Pwn2Own Vancouver 2024 hacking competition. Users are strongly advised to update their Chrome installations promptly to mitigate potential risks associated with this critical vulnerability.

While the update will be automatically rolled out over the next few days and weeks, users can manually trigger the update by accessing Chrome’s About menu. Given Chrome’s widespread usage as one of the most popular web browsers globally, this vulnerability represents a significant security threat. It is crucial for users to keep their software up-to-date with the latest security patches to safeguard systems and data from emerging threats.

In conclusion, staying vigilant and proactive in maintaining software security is key to protecting against potential cyber threats. As security incidents continue to evolve, timely updates and heightened awareness are essential for safeguarding digital assets in today’s interconnected world.

Source link

Latest articles

CyberArk Embraces Machine Identity with Venafi Deal

The recent trend in cyber attacks has shifted to targeting machine identities in addition...

ShrinkLocker: Turning BitLocker into ransomware – Source: securelist.com

In a recent incident response engagement, a clever technique involving the misuse of the...

Seventy Percent of CISOs Concerned About Their Organization’s Vulnerability to Significant Attacks: The Register

Chief information security officers worldwide are feeling anxious about the future, with a recent...

Stop GPS Data Communication from Foreign Satellites in the United States

The Federal Communications Commission (FCC) has recently pushed for a permanent ban on potential...

More like this

CyberArk Embraces Machine Identity with Venafi Deal

The recent trend in cyber attacks has shifted to targeting machine identities in addition...

ShrinkLocker: Turning BitLocker into ransomware – Source: securelist.com

In a recent incident response engagement, a clever technique involving the misuse of the...

Seventy Percent of CISOs Concerned About Their Organization’s Vulnerability to Significant Attacks: The Register

Chief information security officers worldwide are feeling anxious about the future, with a recent...
en_USEnglish