Google Patches Zero-Day Chrome Vulnerability Exploited in the Wild

Google recently rolled out security updates to address a zero-day vulnerability in its Chrome web browser reportedly exploited in the wild.

While the company didn’t elaborate on how the flaw is being weaponized nor offer details about the perpetrators piggybacking it, the vulnerability has been marked as highly severe.

Use-After-Free Vulnerability in Google Chrome

Tracked as CVE-2024-4671, the vulnerability is labeled as a use-after-free case in Google Chrome’s Visuals, affecting versions earlier than 124.0.6367.201. Before patching, perpetrators who managed to compromise the browser’s render process could have exploited the flaw remotely to perform a sandbox escape using a crafted HTML page.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” reads Google’s laconic announcement. An anonymous researcher discovered and submitted the highly severe vulnerability on May 7.

Could Invite Remote Code Execution

Use-after-free bugs can devastate vulnerable systems via a plethora of scenarios, ranging from process crashes to allowing threat actors to run arbitrary code remotely. These flaws occur whenever programs reference memory locations that have been deallocated.

Users are advised to update Google Chrome to version 124.0.6367.201/.202 for Windows and macOS users and version 124.0.6367.201 for Linux to prevent threat actors from exploiting the high-severity flaw.

Updating to Latest Version is Strongly Recommended

Chromium-based browser users should also apply the latest security patches and keep their browsers up to date to mitigate threats.

Recently, Google also addressed a critical “type confusion” flaw in its web browser. The vulnerability affected Chrome’s graphic rendering module for both desktop and mobile users. If exploited, type confusion flaws could pave the way for remote code execution, letting threat actors perform a wide range of nefarious actions on vulnerable devices, including data stealing and planting malware.

In addition to keeping your software up-to-date, using dedicated security solutions such as Bitdefender Ultimate Security can keep your devices safe from intrusions. Its advanced features can protect your devices from viruses, Trojans, zero-day exploits, ransomware, spyware, rootkits, worms, and other threats.