Google Patches the Fifth Zero-Day Exploit in Chrome

Google has identified and patched a fifth vulnerability in Chrome this year.

CVE-2024-4671 is a “user after free” vulnerability in the browser’s Visuals component, which manages how Chrome renders web pages.

This new zero-day exploit came to light after an anonymous security researcher reported it to Google.

The company took cognizance of this highly severe issue and released a patch.

Whatโ€™s the Damage?

Hackers can leverage this exploit to perform code execution, steal data, or crash the system.

Google acknowledged the new vulnerability in its browser and said, “It is aware that an exploit for CVE-2024-4671 exists in the wild.”

That’s about it. It gave no further clarification on the reason behind this exploit and the number of users affected by it.

Before this, Google patched three vulnerabilities discovered in March in a Pwn2Own hacking event and CVE-2024-0519 in January 2024.

The advisory mentioned that an update has been issued for Windows and Mac users. Since there are two stable and extended stable channels, the updated versions are different.

Which Update Should You Download?

Stable version users must download the 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux.

For the extended stable channel, Google has released the 124.0.6367.201 update for Mac and Windows.

When it becomes available, Chrome automatic updates will download this update, which contains fixes for the zero-day exploit. Google advised that the roll-out could take a few days/weeks to complete.

You can also manually check for updates by typing chrome://settings/help in the URL bar. Then check and download the latest update.

After that restart the browser to apply the update.

Read More

Suggested Post