Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. This marks the fifth time this year that the company has updated Chrome to protect users from a known exploit.
The vulnerability, identified as CVE-2024-4671, is classified as a “use after free” bug, a type of issue common in C-based programming languages. It occurs when a program frees a region of memory but continues to use a pointer to it. Because the freed memory can be reallocated for other data, the stale pointer may end up operating on contents an attacker controls, which can result in the execution of malicious code planted by the attacker.
Google was alerted to the vulnerability by an anonymous source. The flaw has been given a severity rating of 8.8 out of 10, and Google confirmed that an exploit for CVE-2024-4671 is already being used in the wild.
In response, Google has released updated versions: 124.0.6367.201/.202 for macOS and Windows, and 124.0.6367.201 for Linux. These updates will be automatically applied to Chrome browsers, but users can manually check for updates by going to Settings > About Chrome and clicking on the Relaunch button if necessary.
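
An added example (not Google's code and not part of the original article): a small Python audit that flags hosts whose reported Chrome version is below the fixed build 124.0.6367.201 named above. The host names and inventory lines are constructed, and the input format (host plus version text such as the output of `google-chrome --version`) is an assumption.

```python
import re

# Lowest fixed build named in the article (.201 on Linux, .201/.202 on macOS and Windows).
PATCHED = (124, 0, 6367, 201)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 124.0.6367.155'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, patched=PATCHED):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable inventory entries need manual follow-up
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank '124.0.6367.91' above '124.0.6367.201'.
    return "patched" if v >= patched else "outdated"


def audit(inventory):
    """inventory: iterable of (host, version_text).
    Returns (host, version_text, status) for every host that is not patched."""
    findings = []
    for host, text in inventory:
        status = classify(text)
        if status != "patched":
            findings.append((host, text, status))
    return findings


# Constructed sample inventory (host names and version strings are made up).
SAMPLE = [
    ("win-01", "Google Chrome 124.0.6367.202"),
    ("mac-07", "Google Chrome 124.0.6367.201"),
    ("lin-03", "Google Chrome 124.0.6367.91"),
    ("win-12", "Google Chrome 123.0.6312.122"),
    ("lin-09", "Google Chrome 125.0.6422.60"),
    ("kiosk-2", "chrome: not found"),
]

if __name__ == "__main__":
    for host, text, status in audit(SAMPLE):
        print(f"{host}: {status} ({text})")
```

Hosts reported as `unknown` are listed alongside outdated ones so that a missing or malformed version string is not silently counted as patched.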
Google did not disclose further details about the exploit, including which platforms are targeted or who may be behind the attacks.
Including this latest update, Google has now patched five zero-day vulnerabilities in Chrome in 2024. The earlier ones were addressed following the Pwn2Own exploit contest or after exploits were detected in the wild.
Chrome users are encouraged to ensure they are running the latest version to protect against potential attacks leveraging this vulnerability.