Google just patched the fifth zero-day exploit for Chrome this year


There is Google To fix a zero-day vulnerability exploit used by threat actors for the Chrome browser. This is the fifth time this year that the company has had to release a patch for one of these vulnerabilities. .

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said in a brief advisory. He did not provide any specific information about the nature of the real-world attack or the identity of the attackers. This is common for Google, as it likes to wait for most users to update their software before announcing specific details.

We know some things about exploitation. It is classified as a “high severity issue” and a “free user” vulnerability. These errors occur when a program references a memory location after it has been allocated, leading to any number of serious consequences, from a crash to accidental code execution. The CVE-2024-4671 vulnerability appears to have been added to the visual component that handles rendering and rendering of content in the browser.

The exploit was discovered by an anonymous researcher and reported to Google. The fix is ​​available for Mac, Windows, and Linux, and updates will continue to roll out to users in the coming days and weeks. Chrome is automatically updated with security fixes, so users can confirm they’re running the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi should also update to the new version as soon as it becomes available.

As noted, this is the fifth such flaw that Google has fixed this year. I don’t mean “within the last calendar year.” I mean in 2024. The three were revealed back in March at the Pwn2Own hacking competition in Vancouver. It’s not a record or anything. Google found it and fixed it in 2020.

Zero-day exploits have been a constant thorn in Google’s side. These are a type of cyberattack that exploits an unknown or unaddressed security flaw in a computer program, hardware, or software. The company usually pays big money for bug detection .



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *