HomeCyber BalkansGoogle Chrome zero-day vulnerability exploited in the wild

Google Chrome zero-day vulnerability exploited in the wild

Published on

spot_img

Google has recently issued a critical security update for its Chrome web browser in response to attackers exploiting a high-severity vulnerability. The update, which brings Chrome to version 124.0.6367.201, is available for Windows, Mac, and Linux users on the Stable release channel.

The vulnerability, known as CVE-2024-4671, is categorized as a “use after free” flaw in the browser’s Visuals component. This flaw could potentially allow an attacker to execute arbitrary code on a victim’s system. If successfully exploited, the attacker would gain the same privileges as the logged-in user, potentially leading to actions such as installing malware, stealing data, or creating new user accounts with full access.

According to the MS-ISAC advisory, the vulnerability has been observed being actively exploited, posing a significant risk to systems that have not been patched. Google has acknowledged the existence of an exploit for CVE-2024-4671 but has not provided detailed information to allow users time to apply the update.

The 124.0.6367.201 update is now accessible to users on the Stable channel, which is the primary release branch recommended for most users after thorough testing. Additionally, the Extended Stable channel, which receives updates on a slower 8-week cycle, has also been updated to version 124.0.6367.201.

The credit for reporting the CVE-2024-4671 vulnerability goes to an anonymous researcher. This particular release does not include any additional security fixes. Notably, this marks Google’s sixth Chrome zero-day patch in 2024.

In previous instances, Google addressed two other zero-day vulnerabilities, CVE-2024-2887 and CVE-2024-2886, which were exploited during the Pwn2Own Vancouver 2024 hacking competition. Users are strongly advised to update their Chrome installations promptly to mitigate potential risks associated with this critical vulnerability.

While the update will be automatically rolled out over the next few days and weeks, users can manually trigger the update by accessing Chrome’s About menu. Given Chrome’s widespread usage as one of the most popular web browsers globally, this vulnerability represents a significant security threat. It is crucial for users to keep their software up-to-date with the latest security patches to safeguard systems and data from emerging threats.

In conclusion, staying vigilant and proactive in maintaining software security is key to protecting against potential cyber threats. As security incidents continue to evolve, timely updates and heightened awareness are essential for safeguarding digital assets in today’s interconnected world.

Source link

Latest articles

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust and 17 Additional Stories

The Hidden Dangers of Neglected Security Practices: A Comprehensive Overview of Threats This Week The...

Microsoft Unveils GigaWiper: A Backdoor Engineered for On-Demand Destruction

Unveiling the Capabilities of GigaWiper: A New Threat in Cybersecurity Recent findings have shed light...

The Business Case for Addressing Security Debt: A Practical Approach for CISOs

In recent discussions among Chief Information Security Officers (CISOs), a significant shift has emerged...

Barracuda Acquires Evo to Develop SMB Identity Resilience Platform

Barracuda Expands Identity Security Offerings with Acquisition of Evo Security Barracuda Networks, a prominent player...

More like this

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust and 17 Additional Stories

The Hidden Dangers of Neglected Security Practices: A Comprehensive Overview of Threats This Week The...

Microsoft Unveils GigaWiper: A Backdoor Engineered for On-Demand Destruction

Unveiling the Capabilities of GigaWiper: A New Threat in Cybersecurity Recent findings have shed light...

The Business Case for Addressing Security Debt: A Practical Approach for CISOs

In recent discussions among Chief Information Security Officers (CISOs), a significant shift has emerged...