Google has released a security update for the Chrome browser to fix a zero-day vulnerability exploit that has been used by threat actors. This is the fifth time this year the company has had to issue a patch for one of these vulnerabilities, as reported by Bleeping Computer.
"Google is aware that an exploit for CVE-2024-4671 exists in the wild," the company said in a short advisory. It did not issue any specifics as to the nature of the real-world attack or the identity of the threat actors. This is common for Google, as it likes to wait until a majority of users have updated the software before announcing specific details.
We do know some stuff about the exploit. It’s being classified as a “high-severity issue” and as a “user after free” vulnerability. These bugs arise when a program references a memory location after it has been deallocated, leading to any number of serious consequences from a crash to a random execution of code. It looks like the CVE-2024-4671 vulnerability is attached to the visuals component that handles rendering and the display of content on the browser.
The exploit was discovered and reported to Google by an anonymous researcher. The fix is available for Mac, Windows and Linux and updates will continue to roll out to users over the coming days and weeks. Chrome updates automatically with security fixes, so users can confirm they are running the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera and Vivaldi should also update to a new version as soon as they are available.
As stated, this is the fifth of this type of flaw addressed by Google this year. I don’t mean “within the last calendar year.” I mean in 2024. Three were discovered back in March at the Pwn2Own hacking contest in Vancouver. This isn’t a record or anything. Google found and fixed five in one month back in 2020.
Zero-day exploits have been a constant thorn in Google’s side. These are a type of cyberattack that take advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. The company typically pays out big money for bug discoveries, as part of its Vulnerability Rewards Program.
This article originally appeared on Engadget at https://www.engadget.com/google-just-patched-the-fifth-zero-day-exploit-for-chrome-this-year-153723334.html?src=rss https://www.engadget.com/google-just-patched-the-fifth-zero-day-exploit-for-chrome-this-year-153723334.html?src=rssMelden Sie sich an, um einen Kommentar hinzuzufügen
Andere Beiträge in dieser Gruppe
Epic Games has an uncanny habit of making sure Fortnite is in tune with the cultural
Lucid Motors has cut 400 jobs, according to a regulatory filing
Microsoft is leaning even more into AI after launching a new Copilot+ AI PC initiative earlier this year. It's a new set of standards for PCs with powerful neural processing units (NPUs), and it co
In the midst of beach trips and grilling sessions this weekend, it's worth briefly turning to the i