Google has released a crucial security update for the Chrome web browser to address a severe vulnerability that is actively being exploited by attackers. The vulnerability, identified as CVE-2024-4671, is a "use-after-free" flaw in the Visuals component of Chrome, which is responsible for rendering and displaying web content in the browser.
Here’s what we know about it.
Vulnerability Allows Memory Access
This vulnerability allows an attacker to gain unauthorized access to memory locations, which can lead to various malicious actions, such as reading sensitive data from the user's computer, causing crashes, or even taking complete control of the system.
The vulnerability affects all operating systems, including Linux, macOS, and Windows, making it a widespread threat to Chrome users.
It was discovered by an anonymous researcher and reported directly to Google. It has been assigned a Common Vulnerability Scoring System (CVSS) rating of 8.8, indicating a critical level of severity. While not the highest possible rating, a score of 8.8 is still considered a serious vulnerability that requires immediate attention.
What makes this vulnerability particularly concerning is that it is already being actively exploited by attackers in the wild. This means that users who have not updated their Chrome browser are at risk of being targeted by malicious actors.
What Should You Do?
To protect yourself from the vulnerability, we recommend that you update your Chrome browser immediately. The latest protected versions are 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux. Users on the Extended Stable channel will receive the update in the coming days, but it is recommended not to wait and update as soon as possible.
You can check your current version and update by navigating to Settings > About Chrome in the browser. Keeping software up-to-date is crucial for maintaining a secure computing environment and protecting against emerging threats.