Google has for the Chrome browser to fix a zero-day vulnerability exploit that was used by threat actors. This is the fifth time this year that the company has had to issue a patch for one of these vulnerabilities, .

“Google is aware that the exploit for CVE-2024-4671 exists in the wild,” the company said in a brief advisory. He did not release any details about the real-world nature of the attack or the identity of those involved in the threat. This is usual for Google, as it likes to wait until most users have updated the software before announcing specific details.

We know a few things about the exploit. It is classified as a “high severity issue” and a “user after free” vulnerability. These errors occur when a program references a memory location after it has been freed, leading to very serious consequences from a crash to arbitrary code execution. The CVE-2024-4671 vulnerability appears to be attached to the visual component that controls the rendering and display of content in the browser.

The exploit was discovered and reported to Google by an anonymous researcher. The patch is available for Mac, Windows, and Linux, and updates will continue to roll out to users in the coming days and weeks. Chrome is automatically updated with security fixes, so users can confirm they’re using the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi should also update to a new version as soon as they are available.

As stated, this is the fifth such flaw addressed by Google this year. I don’t mean “within the last calendar year”. I mean in 2024. Three were revealed in March at the Pwn2Own hacking competition in Vancouver. It’s not a record or anything. Google discovered and fixed back in 2020.

Zero-day exploits are a constant thorn in Google’s side. These are a type of cyberattack that takes advantage of an unknown or unaddressed security flaw in computer software, hardware, or firmware. The company typically pays big bucks for bug detection as part of its .

https://www.engadget.com/google-just-patched-the-fifth-zero-day-exploit-for-chrome-this-year-153723334.html?src=rss