Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-4671, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the wild since the start of the year.
The vulnerability is a use-after-free issue that resides in the Visuals component. The flaw was reported by an anonymous researcher on May 7, 2024.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild.” reads the published by Google. As usual, the IT giant has not revealed details about the attacks exploiting this vulnerability.
The company addressed the vulnerability with the release of 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux, with the updates rolling out over the coming days/weeks.
Below is the list of actively exploited zero-day in the Chrome browser that have been fixed this year:
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Google)