Google releases an emergency update for Chrome

In response to the discovery of a serious vulnerability, Google has released an urgent update for its Chrome browser. The flaw, identified as CVE-2024-4671, belongs to the category of use-after-free errors related to the web page rendering component. This type of vulnerability could allow attackers to execute arbitrary code within the browser, putting the user's entire operating system at risk.

Vulnerability and exploit details

An anonymous cybersecurity researcher detected and reported the issue to Google on May 7, 2024. The company quickly responded by confirming that there is an exploit already used to exploit this flaw, although no further details regarding the attacks or the attackers were disclosed involved. The recommendation for users is to immediately update their browser to the latest version: 124.0.6367.201/.202 for Windows and macOS users, and 124.0.6367.201 for Linux users.

Previous Chrome vulnerabilities this year

This year, Google has already had to address and resolve several other security issues related to Chrome. In January, an out-of-bounds array access issue in the JavaScript and WebAssembly V8 engine (CVE-2024-0519, with a CVSS score of 8.8) raised concerns that it could lead to sensitive information disclosure . Additionally, during the Pwn2Own event in March in Vancouver, three more vulnerabilities were identified: misuse of already freed resources in WebCodecs (CVE-2024-2886), type confusion in WebAssembly (CVE-2024-2887 ), and another out-of-bounds access issue in V8 (CVE-2024-3159).

Recommendations for other Chromium-based browsers as well

Given the nature of Chrome's source code, based on Chromium, the recommendation to proceed with updates also extends to users of other browsers that share the same base, such as Microsoft Edge, Brave, Opera and Vivaldi. Keeping software updated is crucial to protecting users' data and cybersecurity in the face of increasingly sophisticated and frequent threats.