fbpx

On Monday, Google issued emergency patches to address a newly discovered zero-day vulnerability in the Chrome web browser. This critical flaw, identified as CVE-2024-4761, affects the V8 JavaScript and WebAssembly engine and has already been exploited by malicious actors in the wild.

Initially reported anonymously on May 9, 2024, this out-of-bounds write vulnerability poses a significant security risk and underscores the importance of promptly updating Chrome to mitigate potential exploitation.

Get a Chrome update when available

Out-of-bounds write flaws are commonly exploited by malicious actors to manipulate data, induce crashes, or execute arbitrary code on compromised hosts.

In a statement, Google acknowledged the existence of an exploit for CVE-2024-4761 in the wild, underscoring the urgency for users to update their Chrome browsers immediately to mitigate the risk of exploitation.

To prevent further exploitation of the vulnerability, it has been decided to withhold additional information about the nature of the attacks.

CVE-2024-4671, identified as a use-after-free vulnerability in the Visuals component, has been exploited in real-world attacks. This revelation follows shortly after the issue was addressed by the company through a patch.

Since the start of the year, Google has addressed six zero-day vulnerabilities, three of which were showcased at the Pwn2Own hacking competition held in Vancouver in March. The most recent update encompasses fixes for all these vulnerabilities, reflecting the company’s commitment to enhancing security measures.

Several vulnerabilities have been identified in Google Chrome, including:

  • CVE-2024-0519: This vulnerability allows for out-of-bounds memory access in the V8 engine.
  • CVE-2024-2886: A use-after-free vulnerability in WebCodecs.
  • CVE-2024-2887: Type confusion vulnerability in WebAssembly.
  • CVE-2024-3159: Another instance of out-of-bounds memory access in V8.
  • CVE-2024-4671: A use-after-free flaw in Visuals, actively exploited.

To mitigate these risks, users are strongly advised to upgrade to Chrome version 124.0.6367.207/.208 for Windows and macOS, as well as version 124.0.6367.207 for Linux.

Additionally, users of browsers based on Chromium, including Microsoft Edge, Brave, Opera, and Vivaldi, are strongly advised to promptly update their browsers with the latest patches as soon as they become available.

THIS MAY ALSO BE OF INTEREST TO YOU! LockBit Ransomware Shut Down

In conclusion, the recent identification and patching of critical vulnerabilities in Google Chrome underscore the ongoing importance of robust cybersecurity measures. By promptly updating to the latest versions of Chrome and other Chromium-based browsers, users can better protect themselves against potential threats and ensure a safer browsing experience.

MANAGED CYBERSECURITY SOLUTIONS

Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.

GO TO CYBERSECURITY SOLUTIONS

About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

Privacy Preference Center