Heimdal
article featured image

Contents:

Google released a patch for a new zero-day this Monday, four days after addressing another vulnerability exploited in the wild.

The latest Chrome zero-day is tracked as CVE-2024-4671. Security specialists described it as a high-severity out-of-bounds write flaw in the V8 JavaScript and WebAssembly engine.

For the moment, Google won’t disclose details, to allow users enough time to patch and close the vulnerability. However, they acknowledged that an exploit is currently available in the wild.

Exploiting CVE-2024-4671 can enable a threat actor to evade sandboxing. Darkreading.com explained that the new Google Chrome zero-day vulnerability:

allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape (which means moving beyond the browser tab to pivot to other Web apps or the network) via a crafted HTML page.

Source – Darkreading.com

Hackers exploit out-of-bounds write vulnerabilities, such as CVE-2024-4671, for:

CVE-2024-4671 was the sixth zero-day affecting Google Chrome this year.

Details on the previous Chrome zero-day

On Thursday, May 9th, Google patched another high-severity zero-day, tracked CVE-2024-4671. This one is also exploited in the wild, so Chrome users should apply patches as soon as possible.

CVE-2024-4671 is a use-after-free bug residing in the Visuals component. This type of vulnerabilities happen if a program references a memory location after it has been deallocated. Hackers can use it to induce a crash or for arbitrary code execution.

How to keep safe from Google Chrome zero-days

The tech giant urged users to upgrade their browsers:

  • to Chrome version 124.0.6367.201/.202 for Windows and macOS
  • to Chrome version 124.0.6367.201 for Linux

Additionally, users should keep an eye on available patches for Chromium-based browsers. Microsoft Edge, Brave, Opera, and Vivaldi could also be vulnerable.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE