Google has released an emergency update for its Chrome browser to patch a critical zero-day vulnerability identified as CVE-2024-4671. This flaw, discovered by an anonymous security researcher and rated as high severity, is currently being exploited by unknown attackers.
The vulnerability, a “use after free” issue in Chrome’s Visuals component, allows attackers to re-access memory locations that have been freed, potentially leading to data corruption, system crashes, or execution of unauthorized code. This could enable attackers to download malware or manipulate data and user accounts on the affected system.
The nonprofit Center for Internet Security has highlighted the risk, noting that depending on a user’s system privileges, the exploit could allow unauthorized program installations, data manipulation, or the creation of accounts with full user rights.
This issue is not confined to Chrome alone but likely extends to other browsers that use Google’s Chromium engine, such as Microsoft Edge and Brave. Microsoft has acknowledged similar exploits in the wild and is preparing an update for Edge.
Google is deploying the patch in Chrome version 124.0.6367.201/.202 for Mac and Windows and version 124.0.6367.201 for Linux. Users are advised to update their browsers immediately to receive the fix. Google anticipates that the update will roll out automatically over the next few days and weeks for those who do not manually update.
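To confirm the fix has actually landed across a fleet, the reported browser versions can be compared against the fixed build named above. The following is an added example, not code from Google or the article; the inventory rows, host names and status labels are constructed for illustration. Edge and Brave are reported as needing a vendor check because the article gives no fixed build for them.

```python
import re

# Lowest fixed Chrome build per platform, as stated in the article
# (124.0.6367.201/.202 on Mac and Windows, 124.0.6367.201 on Linux).
CHROME_FIXED = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}
# Chromium-based browsers the article names without a fixed build number.
CHROMIUM_NO_FIXED_BUILD = {"edge", "brave"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chromium version, e.g. from `--version` output."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def assess(browser, platform, version_text):
    """Classify one installation against the CVE-2024-4671 fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"          # never assume an unknown build is safe
    if browser.lower() == "chrome":
        fixed = CHROME_FIXED.get(platform.lower())
        if fixed is None:
            return "unknown-platform"
        # Integer tuples compare numerically: 99.x sorts below 124.x,
        # which a plain string comparison would get wrong.
        return "patched" if version >= fixed else "vulnerable"
    if browser.lower() in CHROMIUM_NO_FIXED_BUILD:
        return "check-vendor"
    return "out-of-scope"

def audit(inventory):
    """Map each host to its status."""
    return {host: assess(b, p, v) for host, b, p, v in inventory}

# Constructed sample inventory: (host, browser, platform, reported version).
INVENTORY = [
    ("ws-001", "chrome", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-002", "chrome", "mac", "Google Chrome 124.0.6367.155"),
    ("srv-01", "chrome", "linux", "Google Chrome 124.0.6367.201"),
    ("ws-003", "chrome", "windows", "Google Chrome 99.0.4844.84"),
    ("ws-004", "edge", "windows", "Microsoft Edge 124.0.1111.11"),
    ("ws-005", "chrome", "linux", "version unknown"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Chrome downloads updates in the background but only applies them on relaunch, so a host can keep reporting an old build until the browser is restarted.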