Google Admits Active Exploitation for Zero-Day Chrome Browser – Latest Hacking News

3 Min Read

Chrome users should ensure that their devices are updated with the latest browser release. Google has addressed an actively exploited zero-day issue with the latest build, which applies to all Chrome users across devices. The vulnerability affects both desktop and mobile versions of Chrome.

Google has fixed the Zero-Day bug in its Chrome browser

As Google continues to address security issues in its products, it has patched an actively exploited zero-day flaw in its Chrome browser.

According to his advisory, the vulnerability, CVE-2024-4671, is a high-severity use-after-free that affects Visuals. The vulnerability first caught the attention of an anonymous researcher, who reported the matter to Google.

The company confirmed that exploits for the flaw exist in the wild. Therefore, given the existing threats, they have refrained from sharing technical details that could facilitate its further exploitation. Google’s practice is to keep vulnerability details private, especially for active exploitation issues, to prevent large-scale attacks.

But of course, hiding details won’t protect users from potential threats unless they patch their systems. So all Chrome users should make sure they update to the latest browser versions: 124.0.6367.201/.202 for Mac and Windows, 124.0.6367.201 for Linux, and 124.0.6367.171 for Androidall of which contain the same security solution.

Although most updates are sent automatically to eligible devices, they may fail if users have turned off automatic updates (which is not recommended for security reasons). Therefore, users should also ensure that their devices are up to date by manually checking for app updates.

Interestingly, this update only addressed a single security issue, which goes some way to indicating the urgency of the matter. (Or perhaps there were no other security flaws this time?) This is a departure from the previous four zero-day patches released this year, which included other security fixes.

See also  Anderson Cooper admits he would 'absolutely' doubt Michael Cohen

Earlier this year, Google addressed the vulnerability CVE-2024-0519 in January, followed by three other zero-days that attracted attention at Pwn2Own 2024, CVE-2024-2886, CVE-2024-2887And CVE-2024-3159.

Let us know your thoughts in the comments.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *