It is very important that you make sure your computer is on the most recent version.
In order to address a zero-day vulnerability attack that has been exploited by threat actors, Google has published a security update for the Chrome browser by fixing the vulnerability. Based on the information provided by Bleeping Computer, this is the fifth time in the current year that the corporation has been required to release a patch for one of these vulnerabilities.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the business stated in a brief alert published by the company. The organization did not provide any data regarding the type of the attack that took place in the real world or the identification of the threat actors. Due to the fact that Google prefers to wait until the majority of its customers have updated the software before providing precise specifics, this is something that happens rather frequently.
In regard to the exploit, we do have some information. Both a “high-severity issue” and a “user after free” vulnerability are being assigned to account for this vulnerability. The occurrence of these flaws occurs when a program addresses a memory location after the memory region has been deallocated. This can result in a variety of extremely dangerous effects, ranging from a crash to the execution of code at random. It would appear that the CVE-2024-4671 vulnerability is connected to the graphics component, which is responsible for rendering and the display of content on the browser.
A researcher who wished to remain anonymous was the one who identified and reported the vulnerability to Google. Updates will continue to be distributed to customers over the next several days and weeks, and the fix is currently available for Mac, Windows, and Linux operating systems. Users are able to verify that they are using the most recent version of Chrome by navigating to Settings and About Chrome. Chrome is designed to automatically update with security patches. Users using browsers that are based on Chromium, such as Microsoft Edge, Brave, Opera, and Vivaldi, should likewise update to a new version as soon as it is made available.
It has been noted that this is the seventh instance of this kind of problem that Google has corrected in this year. The phrase “within the last calendar year” is not what I mean. I am referring to the year 2024. While participating in the Pwn2Own hacking competition in Vancouver in March, three were found to be malicious. In no way is this a record or anything else. Back in the year 2020, Google discovered and repaired five in a single month.
The use of zero-day exploits has been a persistent source of frustration for Google. A sort of cyberattack that takes use of a security hole in computer software, hardware, or firmware that is either unknown or has not been corrected is known as a vulnerability attack. As part of its Vulnerability Rewards Program, the corporation often offers substantial financial compensation to employees who find vulnerabilities.