Google urges urgent Chrome update after 0day vulnerability discovered


Vulnerability CVE-2024-4671 has been fixed in the latest version.

Google has urgently released another security update for its Chrome browser. The reason is the discovery of a critical vulnerability that is being actively exploited in real attacks.

The vulnerability was identified as CVE-2024-4671 and is classified as a use-after-free error in the component responsible for rendering web content. This dangerous vulnerability allows attackers to execute arbitrary code in the browser context and completely compromise the system.

The vulnerability was reported to Google by an anonymous cybersecurity expert on May 7, 2024. Users are urgently advised to update Chrome to version 124.0.6367.201/.202 for Windows and macOS and to version 124.0.6367.201 for Linux.
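To check a fleet against the fixed builds named above, the following added example (not from Google or the original article) classifies installations from an inventory of version strings. The `host,platform,version text` line format and the sample hosts are assumptions constructed for illustration; the version text is of the kind printed by `google-chrome --version`.

```python
import re

# Lowest patched build per platform, as stated in the article.
FIXED = {
    "windows": (124, 0, 6367, 201),
    "macos": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Pull the four-part version out of text such as `google-chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    ver = parse_version(version_text)
    if fixed is None or ver is None:
        return "unknown"
    # Tuples of ints compare numerically; as strings, ".91" would sort above ".201".
    return "patched" if ver >= fixed else "vulnerable"

def audit(lines):
    """Map host -> status from 'host,platform,version text' lines (hypothetical format)."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",", 2)]
        host = parts[0]
        results[host] = status(parts[1], parts[2]) if len(parts) == 3 else "unknown"
    return results

# Constructed sample inventory, not real data.
SAMPLE = [
    "ws-01,windows,Google Chrome 124.0.6367.202",
    "ws-02,windows,124.0.6367.155",
    "mac-01,macos,Google Chrome 124.0.6367.201",
    "lnx-01,linux,Google Chrome 124.0.6367.91",
    "lnx-02,linux,Google Chrome 125.0.6422.60",
    "kiosk-01,windows,not installed",
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host}: {state}")
```

The check covers Google Chrome only; other Chromium-based browsers use their own version numbering, and the article gives no fixed builds for them.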

Google confirmed that an exploit for this vulnerability exists, but did not disclose details of its use in attacks or any information about the attackers.

Since the beginning of the year, the company has already fixed two actively exploited vulnerabilities in Chrome.

In January, Google fixed an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that could expose sensitive information.

In March, during the Pwn2Own competition in Vancouver, three more vulnerabilities were discovered:
  • CVE-2024-2886 - use-after-free in WebCodecs,
  • CVE-2024-2887 - type confusion in WebAssembly,
  • CVE-2024-3159 - out-of-bounds memory access in V8.

Owners of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to install updates as they become available.