Google has released an emergency patch for its Chrome browser to protect users from a newly discovered vulnerability, CVE-2024-4671, actively exploited by attackers. Here’s what you need to know:
Vulnerability Details:
The vulnerability, brought to Google’s attention by an anonymous cybersecurity researcher, affects the Visuals component and is categorized as a Use-After-Free vulnerability. This type of vulnerability arises from improper handling of dynamic memory, allowing attackers to manipulate freed memory cells for malicious purposes. Exploitation of CVE-2024-4671 could result in data corruption, system crashes, or even remote code execution on compromised devices.
Impact and Risks:
According to a statement from the Center for Internet Security, attackers exploiting this vulnerability could gain various privileges on the affected system. Depending on the user’s privilege level, attackers could install applications, access, modify, or delete data, and create new accounts with equivalent rights. This poses significant risks to user privacy and system security.
Browser Affected and Fixes:
Aside from Chrome, other Chromium-based browsers like Microsoft Edge and Brave are also vulnerable to CVE-2024-4671. Microsoft has acknowledged the issue and is actively developing a security patch for its Edge browser. Google has already issued fixes for Chrome, with update 124.0.6367.202 for Windows, and 124.0.6367.201 for Mac and Linux users, adds NIX Solutions.
Stay Informed: As the situation evolves, we’ll keep you updated on any further developments regarding this security vulnerability. Remember to regularly update your browser and software to protect against emerging threats.