Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue, tracked as CVE-2024-4671, is a “use after free” vulnerability in the Visuals component, which handles the rendering and display of content in the browser.
CVE-2024-4671 was discovered and reported to Google by an anonymous researcher, and the company disclosed that it was likely actively exploited. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” reads the advisory, without providing further details. Use-after-free flaws are security bugs that occur when a program continues to use a pointer after the memory it points to has been freed, following the completion of its legitimate operations on that region.
Because the freed memory could now contain different data or be used by other software or components, accessing it could result in data leakage, code execution, or a crash. Google addressed the issue with the release of 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux, with the updates rolling out over the coming days/weeks.
Chrome updates automatically when a security update is available, but users can confirm they are running the latest version by going to Settings > About Chrome, letting the update finish, and then clicking the ‘Relaunch’ button to apply it.
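A fleet-wide version of the manual check above, as an added example that is not from Google's advisory or the original article: it compares reported Chrome version strings against the fixed builds listed above. The hostnames, inventory format and function names are assumptions made for illustration.

```python
import re

# Lowest fixed build per platform, taken from the versions named in the article.
FIXED = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(platform, version_text):
    """True when the build is at or above the fixed build for that platform."""
    # Integer tuples compare numerically, so .91 sorts below .201
    # (a plain string comparison would rank "91" above "201").
    return parse_version(version_text) >= FIXED[platform.lower()]


def triage(inventory):
    """Return (hosts needing the update, hosts whose version could not be read)."""
    outdated, unknown = [], []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                outdated.append(host)
        except (ValueError, KeyError):
            unknown.append(host)
    return outdated, unknown


# Constructed sample inventory: hostnames and reported strings are made up.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.91"),
    ("mac-01", "mac", "Google Chrome 124.0.6367.201"),
    ("lin-01", "linux", "Google Chrome 123.0.6312.122"),
    ("lin-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    outdated, unknown = triage(SAMPLE)
    print("needs update:", outdated)
    print("version unknown:", unknown)
```

A host that reports a fixed build on disk keeps running the old code until Chrome is relaunched, so treat "patched" here as "update installed", not "update active".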
This latest flaw addressed in Google Chrome is the fifth this year, with three others discovered during the March 2024 Pwn2Own hacking contest in Vancouver. The complete list of Chrome zero-day vulnerabilities fixed since the start of 2024 also includes the following:
- CVE-2024-0519: A high-severity out-of-bounds memory access weakness within the Chrome V8 JavaScript engine, allowing remote attackers to exploit heap corruption via a specially crafted HTML page, leading to unauthorized access to sensitive information.
- CVE-2024-2887: A high-severity type confusion flaw in the WebAssembly (Wasm) standard. It could lead to remote code execution (RCE) exploits leveraging a crafted HTML page.
- CVE-2024-2886: A use-after-free vulnerability in the WebCodecs API used by web applications to encode and decode audio and video. Remote attackers exploited it to perform arbitrary reads and writes via crafted HTML pages, leading to remote code execution.
- CVE-2024-3159: A high-severity vulnerability caused by an out-of-bounds read in the Chrome V8 JavaScript engine. Remote attackers exploited this flaw using specially crafted HTML pages to access data beyond the allocated memory buffer, resulting in heap corruption that could be leveraged to extract sensitive information.