Chrome Zero-day Exploited in Wild

Google has released an urgent security update for the Chrome browser to address a high-severity vulnerability that is being actively exploited in the wild.

This marks the sixth zero-day exploit targeting Chrome users this year, highlighting the persistent threat posed by sophisticated cyber-attacks.

The vulnerability, tracked as CVE-2024-4671, is a use-after-free flaw in Chrome’s Visuals component. It allows attackers to execute arbitrary code on affected systems, potentially leading to data theft, system hijacking, or other malicious activities.

Google acknowledged the existence of an exploit for CVE-2024-4671 and credited an anonymous researcher for reporting the issue on May 7th, 2024.

The company swiftly addressed the vulnerability and released patches for Chrome on Windows, Mac, and Linux as part of Stable channel update 124.0.6367.201/.202.

Users are strongly advised to update their Chrome browsers immediately to mitigate the risk of falling victim to this zero-day exploit.

The update will be progressively rolled out over the coming days and weeks, but users can manually trigger the update process by navigating to Chrome’s settings and checking for available updates.

This latest zero-day exploit underscores the importance of keeping software up-to-date and practicing good cyber hygiene.

While Google’s prompt response is commendable, the increasing frequency of zero-day attacks highlights the ongoing arms race between security researchers and malicious actors.

Chrome is used by over 2.6 billion people worldwide, making it an attractive target for hackers. Google has invested heavily in security and typically patches dangerous zero-day vulnerabilities within days of them being reported.

Users should remain vigilant, exercise caution when browsing the web, and consider implementing additional security measures, such as using a reputable antivirus solution and enabling two-factor authentication wherever possible.

How to Update

To update Google Chrome on your computer, follow these steps:

  1. Open the Google Chrome browser on your Windows or Mac computer.
  2. Click on the three-dot icon (Vertical Ellipsis) located at the upper-right corner of the browser window.
  3. From the drop-down menu, go to “Help” and select “About Google Chrome”.
  4. A new window will open, displaying the message “Checking for updates” with a spinning wheel. Chrome will automatically check for available updates and start downloading them if found.
  5. Once the download is complete, you will be asked to relaunch the Google Chrome browser to install the updates.
  6. Click on the “Relaunch” button to close and reopen Chrome. The update will be installed, and your browser will now run on the latest version.

If Chrome is already up to date, the “About” page will display a message saying “Google Chrome is up to date,” followed by the current version number.
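When more than one machine has to be checked, the version strings reported on the About page can be compared against the fixed build programmatically. The Python below is an added example, not part of the original article or any Google tooling. It assumes that any build below 124.0.6367.201 is unpatched and that the inventory is a tab-separated list of host and version string; the hostnames and sample versions are constructed. It compares versions numerically, because a plain string comparison would wrongly rank 124.0.6367.99 above 124.0.6367.201.

```python
import re

# Fixed build from the stable channel update named in the article (124.0.6367.201/.202).
# Assumption: anything below .201 is treated as unpatched on every desktop platform.
FIXED_BUILD = (124, 0, 6367, 201)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 124.0.6367.201'."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(text, fixed=FIXED_BUILD):
    """Return True if patched, False if older, None if no version could be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples of ints compare component by component, so 99 < 201 as intended.
    return version >= fixed


def audit(inventory_lines):
    """Return (host, status) pairs for lines of the form 'host<TAB>version string'."""
    labels = {True: "patched", False: "NEEDS UPDATE", None: "unknown"}
    results = []
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, reported = line.partition("\t")
        results.append((host.strip(), labels[is_patched(reported)]))
    return results


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE = [
    "ws-001\tGoogle Chrome 124.0.6367.201",
    "ws-002\tGoogle Chrome 124.0.6367.155",
    "mac-07\tGoogle Chrome 124.0.6367.202",
    "ws-003\tGoogle Chrome 123.0.6312.122 ",
    "ws-004\tversion unavailable",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be up to date.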

On an Android device, you can update Chrome through the Play Store app by tapping on the profile icon, selecting “Manage apps & device”, finding Chrome under “Updates available”, and tapping “Update” next to it.

It’s important to keep Chrome updated to ensure you have the latest security fixes and features. Chrome can also update automatically based on your Play Store settings on Android devices.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.