Exploited Chrome Zero-Day Patched by Google

May 10, 2024 at 08:45AM

Google released a Chrome 124 update addressing a zero-day vulnerability tracked as CVE-2024-4671, a high-severity use-after-free bug in the Visuals component. The patch came just two days after the bug was reported by an anonymous researcher. No bug bounty information was provided. This is the second Chrome vulnerability of 2024 to be exploited.

Key takeaways:

– Google released a Chrome 124 update on Thursday to patch a zero-day vulnerability identified as CVE-2024-4671 in the Visuals component, described as a high-severity use-after-free bug.

– The vulnerability was reported by an anonymous researcher on May 7, and a patch was released within two days.

– No information is provided regarding a bug bounty for this vulnerability.

– Although no specific details about attacks exploiting CVE-2024-4671 are available, Chrome vulnerabilities are often targeted by commercial spyware vendors.

– The patch for CVE-2024-4671 is included in Chrome 124.0.6367.201/.202 for Mac and Windows and Chrome 124.0.6367.201 for Linux.

– Google has reported that this is the second Chrome vulnerability of 2024 that has been exploited in malicious attacks, with the first one being CVE-2024-0519, which was patched in January.

– A recent report by Google and Mandiant indicated that 97 zero-day vulnerabilities were exploited in the wild in 2023, with eight of them targeting Chrome. It was also noted that 75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023 were attributed to spyware vendors.

These takeaways outline the details of the zero-day vulnerability, the patch released, and the context of Chrome vulnerabilities being targeted by malicious actors.
