Jack Wallen/ZDNETGoogle has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a “use-after-free” vulnerability in Chrome’s Visuals component.You might be asking, “what is Chrome’s Visuals component?” In short, it’s the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone’s vulnerable.Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn’t matter if your machine’s running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker.Also: 5 ways to declutter your Chrome browser – and take back control of your tab lifeDiscovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it’s a serious vulnerability.It could be worse — ratings above 9.0 are critical, aka Fix It Right Now — but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it’s bad news.What really makes this one a stinker is that it’s being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild.To ensure you’re protected, verify that you have the latest version of Chrome by navigating to Settings > About Chrome. The up-to-date protected versions are 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux. Users in the Extended Stable channel will receive version 124.0.6367.201 for Mac and Windows in the coming days.I wouldn’t wait. To stay safe, update Chrome immediately.
Source link
Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild
Related Posts
Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one…
First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia
“They don’t trust their smartphones, so they reach back to these more archaic devices, and those blow up. What’s next?” says Schneier. “Everything becomes less efficient, because they can’t communicate…