Google Admits Active Exploitation For Chrome Browser Zero-Day

Chrome users should make sure their devices are running the latest browser release. Google has addressed an actively exploited zero-day flaw in the latest build, which applies to Chrome users across devices. The vulnerability affects desktop and mobile Chrome versions alike.

Google Patched The Zero-Day Flaw In Its Chrome Browser

As Google continues to address security issues across its products, it patched an actively exploited zero-day flaw affecting its Chrome browser.

According to its advisory, the vulnerability, CVE-2024-4671, is a high-severity use-after-free affecting Visuals. The vulnerability first caught the attention of an anonymous researcher, who reported the matter to Google.

The firm confirmed that active exploits for the flaw exist in the wild. Given the existing threats, it has refrained from sharing any technical details that might ease further exploitation. It’s a common practice at Google to keep vulnerability details private, particularly for issues with active exploitation, to prevent large-scale attacks.

But, of course, hiding details won’t save users from potential threats unless they patch their systems. So, all Chrome users must update to the latest browser releases: 124.0.6367.201/.202 for Mac and Windows, 124.0.6367.201 for Linux, and 124.0.6367.171 for Android, all of which include the same security fix.

Though most updates reach eligible devices automatically, they may fail to arrive if users have disabled auto-updates (which is not recommended for security). Therefore, users must also make sure their devices are up to date by manually checking for app updates.
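Where auto-update cannot be assumed across a fleet, installed versions can be compared against the fixed builds listed above. The following is an added example, not code from Google's advisory or from this article; the inventory format, host names, sample versions and function names are assumptions made for illustration.

```python
import re

# Lowest fixed build per platform, as listed in the article.
FIXED_BUILDS = {
    "windows": "124.0.6367.201",
    "mac": "124.0.6367.201",
    "linux": "124.0.6367.201",
    "android": "124.0.6367.171",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric, not lexical."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip(), re.ASCII)
    if m is None:
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(platform, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    if fixed is None:
        return "unknown"  # platform not covered by the article's list
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version: flag for manual review
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def audit(inventory):
    """Map each host to its status; inventory rows are (host, platform, version)."""
    return {host: classify(platform, version) for host, platform, version in inventory}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "124.0.6367.202"),
    ("ws-02", "windows", "124.0.6367.99"),   # lexically "99" > "201", numerically older
    ("mb-01", "mac", "124.0.6367.155"),
    ("lx-01", "linux", "125.0.6422.60"),
    ("ph-01", "android", "124.0.6367.171"),
    ("kiosk-01", "chromeos", "124.0.6367.95"),
    ("ws-03", "windows", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual review rather than being counted as safe.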

Interestingly, this update only addressed a single security issue, which somewhat hints at the urgency of the matter. (Or, perhaps there were no other security flaws this time?) This differs from the previous four zero-day patches released this year, which included other security fixes.

Earlier this year, Google addressed the vulnerability CVE-2024-0519 in January, followed by three other zero-days that caught attention at Pwn2Own 2024: CVE-2024-2886, CVE-2024-2887, and CVE-2024-3159.
