Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild.
Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.
Use-after-free bugs, which arise when a program references a memory location after it has been deallocated, can lead to any number of consequences, ranging from a crash to arbitrary code execution.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said in a terse advisory without revealing additional specifics of how the flaw is being weaponized in real-world attacks or the identity of the threat actors behind them.
With the latest development, Google has addressed two actively exploited zero-days in Chrome since the start of the year.
Earlier this January, the tech giant patched an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could result in a crash.
Google also addressed three other zero-days that were disclosed during the Pwn2Own hacking contest in Vancouver in March –
- CVE-2024-2886 – Use-after-free in WebCodecs
- CVE-2024-2887 – Type confusion in WebAssembly
- CVE-2024-3159 – Out-of-bounds memory access in V8
Users are recommended to upgrade to Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
![Nord VPN](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2020/10/NordVPN.jpg?resize=640%2C79&ssl=1)
![Coinbase - Getty Images - 1234552839](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/10/Coinbase_GettyImages-1234552839.webp?resize=640%2C360&ssl=1)
![](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2023/06/HA-TryHackMe-s.jpg?resize=640%2C305&ssl=1)
![Chase Sapphire Preferred - Travel Points](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2023/10/chase_sapphire_preferred-travel_points.png?resize=588%2C508&ssl=1)
![NordPass - Password Manager - CJ Banner](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/10/NordPass-Password_Manager-CJ_Banner.jpg?resize=640%2C78&ssl=1)
![Binance Cryptowallet - Buy/Sell](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/09/binance_web-1.jpg?resize=640%2C368&ssl=1)
![Amazon - Daily Deals](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/06/Amazon-Daily_Deals-1.jpg?resize=466%2C142&ssl=1)
![](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/10/grubhub_affliate_logo.jpg?resize=640%2C336&ssl=1)
![](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/10/idle_emprire.jpg?resize=500%2C261&ssl=1)
![](https://i0.wp.com/hideout.co/assets/img/referral_banners/hban1_728x90.png?w=640&ssl=1)
![](https://i0.wp.com/zpenterprises.co/wp-content/uploads/2022/12/Model_T_Unlock_static.webp?resize=639%2C780&ssl=1)