Google has released an update for the Chrome browser to fix a zero-day vulnerability that has been used by threat actors. This is the fifth time this year that the company has had to issue a patch for one of these vulnerabilities.
“Google is aware that an exploit exists for CVE-2024-4671,” the company said in a brief advisory. It did not give any details about the real-world nature of the attack or the identity of the threat actors. This is common for Google, as it likes to wait until most users have updated the software before announcing specific details.
We know a few things about the exploit. It is being classified as a “high severity issue” and a “use after free” vulnerability. These errors arise when a program references a memory location after it has been deallocated, resulting in a number of serious consequences, from a crash to arbitrary code execution. It appears that the CVE-2024-4671 vulnerability is in the visual component that handles the rendering and display of content in the browser.
The exploit was discovered and reported to Google by an anonymous researcher. The fix is available for Mac, Windows, and Linux, and updates will continue to roll out to users over the coming days and weeks. Chrome automatically updates with security fixes, and users can confirm they are running the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also update to a new version as soon as it is available.
As noted, this is the fifth such flaw Google has addressed this year. I don't mean “within the last calendar year.” I'm talking about 2024. Three were discovered in March at the Pwn2Own hacking contest in Vancouver. This is not an album or anything like that. Google found and fixed it in 2020.
Zero-day exploits have been a constant nuisance for Google. This is a type of cyber attack that takes advantage of an unknown or unaddressed security flaw in computer software, hardware, or firmware. The company usually pays a lot of money for the discovery of errors, as part of its campaign.