Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

Chrome logo in sand.
Jack Wallen/ZDNET

Google has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a "use-after-free" vulnerability in Chrome's Visuals component.

You might be asking, "what is Chrome's Visuals component?" In short, it's the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone's vulnerable.

Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn't matter if your machine's running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker.

Discovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it's a serious vulnerability.

It could be worse -- ratings above 9.0 are critical, aka Fix It Right Now -- but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it's bad news.

What really makes this one a stinker is that it's being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild.

To ensure you're protected, verify that you have the latest version of Chrome by navigating to Settings > About Chrome. The up-to-date protected versions are 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux. Users in the Extended Stable channel will receive version 124.0.6367.201 for Mac and Windows in the coming days.

I wouldn't wait. To stay safe, update Chrome immediately.
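
The version check described above, applied to several machines at once, as an added example that is not from the article or from Google: it parses the version string Chrome reports and compares it numerically against the fixed build 124.0.6367.201. The host names and sample lines are constructed, and treating every build below the fixed one as needing an update is an assumption.

```python
import re

# Fixed builds named in the article: 124.0.6367.201/.202 on Mac and Windows,
# 124.0.6367.201 on Linux. .201 is the lowest patched build on every platform.
FIXED = (124, 0, 6367, 201)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def status(text):
    """Classify one inventory line as 'patched', 'update' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no version reported: check the machine by hand
    # Compare numerically, part by part. As plain strings, "99" sorts after
    # "201", so a string comparison would wrongly pass build .99.
    return "patched" if version >= FIXED else "update"


def audit(inventory):
    """Map each host to its status, given a dict of host -> reported string."""
    return {host: status(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "mac-01": "Google Chrome 124.0.6367.202",
    "lin-01": "Google Chrome 124.0.6367.201",
    "win-01": "Google Chrome 124.0.6367.155",
    "win-02": "Google Chrome 124.0.6367.99",
    "lin-02": "Google Chrome 125.0.1000.1",
    "mac-02": "chrome: command not found",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE).items()):
        print(f"{host:8} {result}")
```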
