Active Exploitation of Zero-Day Vulnerability in Google Chrome

Published on 13 May 2024

Google has released security updates addressing a zero-day vulnerability (CVE-2024-4671) affecting their Chrome browser on Windows, Mac and Linux systems. The vulnerability is reportedly being actively exploited.

Successful exploitation of the “use after free” vulnerability in the Visuals component could lead to data leakage, crash, or arbitrary code execution, allowing attackers to gain unauthorised system access.

Users of Google Chrome are advised to update their browser to the latest version (124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux respectively) immediately.

Users are also encouraged to enable automatic software updates in their Chrome browser to ensure their software is updated promptly.

More information is available here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html?m=1

https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-vulnerability-exploited-in-attacks-in-2024/