Danish Kapoor

Google fixes fifth “zero-day vulnerability” of the year for Chrome

Google has released an important security update for the Chrome browser. This update is designed to fix a zero-day vulnerability used by cyber attackers. This is the fifth patch the company has released for such vulnerabilities this year, Bleeping Computer reported.

Google has confirmed that a vulnerability tracked as CVE-2024-4671 is being actively exploited in the wild. The company did not release specific information regarding the nature of the real-world attack or the identity of the threat actors. Google generally prefers to reveal specific details after most users have updated the software.

Details about the “zero-day vulnerability” targeting Google Chrome

As for the details, the vulnerability is classified as a high-severity issue and is described as a “use after free” type of security vulnerability. Errors of this type occur when a program keeps referencing a memory location after that memory has been freed, which can lead to serious consequences ranging from crashes to arbitrary code execution. The CVE-2024-4671 vulnerability appears to be related to the browser's components that manage content display and visual operations.

The vulnerability was discovered by an anonymous researcher and reported to Google. The fix is available for Mac, Windows and Linux, and updates will continue to be rolled out to users in the coming days and weeks. Chrome applies security fixes automatically, and users can verify that they are running the latest version in the Settings > About Chrome section.

This is the fifth vulnerability addressed by Google this year. The “year” here means 2024, not the previous calendar year. The first three exploits of the year were discovered at the Pwn2Own hacking competition in Vancouver in March. However, this is not a record. Previously, Google found and fixed five vulnerabilities in one month in 2020.

Zero-day vulnerabilities have been a constant problem for Google. A zero-day attack is carried out by exploiting an unknown or unaddressed vulnerability in computer software, hardware or firmware. The company often pays large bounties for bug discoveries as part of its Bug Bounty Program.

To deal with such threats, users need to keep their browsers constantly updated.
