CVE-2024-4671: Google Chrome Zero-Day Bug Under Active Attack

In a swift response to a severe security threat, Google has rolled out emergency updates for Chrome after discovering a zero-day vulnerability that was being actively exploited. The vulnerability, tracked as CVE-2024-4671, is a use-after-free error in Chrome’s Visuals component and represents a significant risk to users worldwide.

This type of bug occurs when a program continues to use a chunk of computer memory even after it’s been released, or “freed.” Attackers can exploit this error to corrupt data or execute their own malicious code.

Google’s confirmation that an exploit exists “in the wild” means that attackers are actively leveraging this flaw. This ramps up the urgency for users to install the patch immediately.

Zero-day vulnerabilities are particularly dangerous because attackers have a head start. They already have a working exploit before software developers release a fix. This underscores the importance of updating essential software like web browsers as soon as security patches become available.

The patched versions of Google Chrome are rolling out globally as of today:

  • Windows and Mac: 124.0.6367.201/.202
  • Linux: 124.0.6367.201

Chrome will often update automatically, but you can force a manual update:

  1. Click the three dots in the top-right corner of Chrome.
  2. Go to Help > About Google Chrome.
  3. Chrome will check for and install available updates.
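
For checking many machines rather than one, the patched builds listed above can be compared against a version inventory. The script below is an added example, not part of the original article or any Google tooling; the hostnames and installed versions are constructed, and it assumes that any build numerically at or above the listed one carries the fix.

```python
import re

# Patched builds as listed in this article (Windows and Mac may also show .202).
PATCHED = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}

# A four-part dotted version that is not embedded in a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(platform, version_text):
    """True if at or above the patched build, False if older, None if unknown."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return None
    # Tuples compare numerically; as plain strings ".99" would sort above ".201".
    return version >= minimum


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(plat, ver)] for host, plat, ver in inventory}


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.99"),
    ("mb-01", "mac", "124.0.6367.201"),
    ("lx-01", "linux", "Google Chrome 124.0.6367.155 "),
    ("lx-02", "linux", "Google Chrome 125.0.0.0"),
    ("kiosk", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:6} {status}")
```

Hosts reported as unknown returned no parseable version and need a manual check rather than being counted as safe.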