Google has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a “use-after-free” vulnerability in Chrome’s Visuals component.
You might be asking, “what is Chrome’s Visuals component?” In short, it’s the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone’s vulnerable.
Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn’t matter if your machine’s running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker.
Also: 5 ways to declutter your Chrome browser – and take back control of your tab life
Discovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it’s a serious vulnerability.
It could be worse — ratings above 9.0 are critical, aka Fix It Right Now — but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it’s bad news.
What really makes this one a stinker is that it’s being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild.
To ensure you’re protected, verify that you have the latest version of Chrome by navigating to Settings > About Chrome. The up-to-date protected versions are 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux. Users in the Extended Stable channel will receive version 124.0.6367.201 for Mac and Windows in the coming days.
I wouldn’t wait. To stay safe, update Chrome immediately.