Days after addressing a newly discovered zero-day vulnerability exploited by hackers, Google has rolled out yet another critical security update for users of its popular Chrome browser.
“The Stable channel has been updated to 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux which will roll out over the coming days/weeks,” Google’s Daniel Yip writes on the Chrome Releases blog.
The update is focused on squashing a single security bug – one labeled high-risk by the search giant.
Tracked as CVE-2024-4761, the flaw is described as an out-of-bounds write issue in Chrome’s V8 JavaScript and WebAssembly engine. A motivated attacker can exploit out-of-bounds write vulnerabilities to crash a program or execute arbitrary (malicious) code. And according to the advisory, hackers are already exploiting the weakness on unpatched systems.
“Google is aware that an exploit for CVE-2024-4761 exists in the wild,” the notice reads.
Motivated threat actors have been known to chain together exploits for security issues like this one and deploy data stealing malware, such as spyware. While these attacks are usually highly targeted, everyone using Chrome should always keep the app updated with the latest security patches – especially when the bugs addressed are said to be actively exploited for malicious purposes.
Unlike most Chrome updates, this release is not accompanied by the corresponding Android and iOS updates, meaning only the desktop installments of Chrome are affected this time around.
To update your Chrome browser to the latest version, simply visit Settings -> About Chrome and let the web browser fetch the latest version for you. When prompted, relaunch Chrome.
As a rule of thumb, always deploy the latest security updates from your software/device vendor as soon as they’re available. Keeping your devices updated ensures you have the latest security patches applied, greatly reducing hackers’ attack surface. For peace of mind, consider a dedicated security solution as well.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024