Google has released another crucial update for Chrome on desktop environments, addressing a significant zero-day vulnerability identified as CVE-2024-4761.
This high-risk security flaw, which involves an out-of-bounds write in the V8 JavaScript engine, was reported anonymously on May 9, 2024, and has been confirmed to be actively exploited.
CVE-2024-4761 affects Chrome's V8 engine—a critical component that processes JavaScript code. If exploited, this flaw could allow attackers to execute arbitrary code on the victim's machine, thereby gaining the ability to manipulate or steal data, or to install further malicious software without the user's knowledge.
This is not the first time in recent days that Google has had to handle vulnerabilities in near real time. Just a few days earlier, on May 9, 2024, Google patched another serious issue—CVE-2024-4671—a use-after-free vulnerability in the Visuals component of Chrome. Like CVE-2024-4761, this earlier flaw was also actively exploited and reported by an anonymous source on May 7, 2024.
The rapid succession of vulnerabilities underscores the constant threats that major software vendors like Google face, and attackers' relentless targeting of widely used tools like the Chrome browser.
According to the announcement by Daniel Yip from the Google Chrome team, restrictions on detailed bug information will remain until a substantial number of users have installed the update, a common practice aimed at reducing the risk of widespread exploitation. This approach also applies if the bug impacts third-party libraries used by other projects, which might not yet have addressed the flaw.
The updates rolling out to address these issues are:
- For CVE-2024-4761: Chrome version 124.0.6367.207/.208 for Mac and Windows, and 124.0.6367.207 for Linux.
- For CVE-2024-4671: Previously updated to Chrome version 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux.
Users are strongly advised to update their Chrome browsers to the latest versions as soon as possible to mitigate these risks. Staying updated is the most straightforward and effective defense against exploits targeting older software versions.
Chrome applies critical security updates automatically in the background, but users have to relaunch the program once after the update is downloaded for it to be applied. You can verify which version you're running by going to Settings > About Chrome.
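For checking more than one machine, the fixed-version list above can be turned into a small audit. The following is an added example, not part of Google's announcement: it assumes Stable-channel version strings in the four-part form shown under About Chrome, and the host names and inventory are constructed for illustration.

```python
import re

# First fixed Stable builds, taken from the list above. The lower build of each
# pair (.207 of .207/.208, .201 of .201/.202) is used as the threshold.
FIXED_IN = {
    "CVE-2024-4761": (124, 0, 6367, 207),
    "CVE-2024-4671": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 124.0.6367.201' and return it as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def missing_fixes(version_text):
    """Return the sorted CVE ids whose fix is not in this build.
    Tuples compare numerically, so .99 sorts below .207 (a plain string
    comparison would get that wrong)."""
    version = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


def audit(inventory):
    """Map each host to the fixes it lacks; unparseable entries are flagged
    for manual review instead of being treated as patched."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = missing_fixes(version_text)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 124.0.6367.208",
    "mac-02": "Google Chrome 124.0.6367.202",
    "lin-03": "Google Chrome 124.0.6367.99",
    "lin-04": "chrome: not installed",
}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE_INVENTORY).items():
        print(host, "OK" if not missing else "missing fix for: " + ", ".join(missing))
```

A build that has downloaded the update but has not been relaunched still reports the old version, so a host flagged here may only need a browser restart.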