Google Chrome zero-day vulnerability exploited in the wild

Google has recently issued a critical security update for its Chrome web browser in response to attackers exploiting a high-severity vulnerability. The update, which brings Chrome to version 124.0.6367.201, is available for Windows, Mac, and Linux users on the Stable release channel.

The vulnerability, known as CVE-2024-4671, is categorized as a “use after free” flaw in the browser’s Visuals component. This flaw could potentially allow an attacker to execute arbitrary code on a victim’s system. If successfully exploited, the attacker would gain the same privileges as the logged-in user, potentially leading to actions such as installing malware, stealing data, or creating new user accounts with full access.

According to the MS-ISAC advisory, the vulnerability is being actively exploited, posing a significant risk to systems that have not been patched. Google has acknowledged that an exploit for CVE-2024-4671 exists but is withholding detailed information to give users time to apply the update.

The 124.0.6367.201 update is now accessible to users on the Stable channel, which is the primary release branch recommended for most users after thorough testing. Additionally, the Extended Stable channel, which receives updates on a slower 8-week cycle, has also been updated to version 124.0.6367.201.

The credit for reporting the CVE-2024-4671 vulnerability goes to an anonymous researcher. This particular release does not include any additional security fixes. Notably, this marks Google’s sixth Chrome zero-day patch in 2024.

In previous instances, Google addressed two other zero-day vulnerabilities, CVE-2024-2887 and CVE-2024-2886, which were exploited during the Pwn2Own Vancouver 2024 hacking competition. Users are strongly advised to update their Chrome installations promptly to mitigate potential risks associated with this critical vulnerability.

While the update will be rolled out automatically over the next few days and weeks, users can manually trigger the update by accessing Chrome’s About menu. Given Chrome’s widespread usage as one of the most popular web browsers globally, this vulnerability represents a significant security threat. It is crucial for users to keep their software up to date with the latest security patches to safeguard systems and data from emerging threats.

In conclusion, staying vigilant and proactive in maintaining software security is key to protecting against potential cyber threats. As security incidents continue to evolve, timely updates and heightened awareness are essential for safeguarding digital assets in today’s interconnected world.
