Google Patches Fifth Zero-Day Exploit in Chrome This Year

2 Mins Read

PureVPNNewsGoogle Patches Fifth Zero-Day Exploit in Chrome This Year

Google has announced a critical security update to address a newly discovered zero-day vulnerability in Chrome. This marks the fifth such exploit identified and acted upon by Google this year. The vulnerability, known for its potential to compromise user data and system integrity, was promptly tackled to prevent any widespread damage.

What is CVE-2024-4671?

The newly identified threat, classified as CVE-2024-4671, involves a “use-after-free” vulnerability within Chrome’s Visuals component. This component is essential for rendering and displaying content on the browser. 

The vulnerability was initially detected by an anonymous researcher and reported to Google. The company has confirmed its active exploitation, stating, “Google is aware that an exploit for CVE-2024-4671 exists in the wild.”

Use-after-free vulnerabilities occur when a program continues to use a pointer to memory that has already been freed. This can lead to unintended behaviors like data leakage, unauthorized code execution, or software crashes, as the memory might have been repurposed or altered.

Update Your Chrome Browser

To fix this vulnerability, Google has issued updates numbered 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux users. These updates are being rolled out gradually. Users on the ‘Extended Stable’ channel can expect to receive version 124.0.6367.201 for both Mac and Windows soon.

Chrome will update automatically, but to ensure you are protected, you can manually check your version: simply go to Settings > About Chrome. After the update installs, a ‘Relaunch’ button will appear – click it to activate the new version.

Other Chrome Zero-Day Vulnerabilities Fixed in 2024

Here is a breakdown of the other vulnerabilities fixed in Chrome this year:

  • CVE-2024-0519: This involves an out-of-bounds memory access flaw within Chrome’s V8 JavaScript engine, which could let attackers corrupt the heap memory via a specially crafted HTML page to access sensitive data.
  • CVE-2024-2887: Identified in the WebAssembly (Wasm) standard, this type confusion flaw could enable remote code execution through a manipulated HTML page.
  • CVE-2024-2886: This use-after-free vulnerability in the WebCodecs API could allow attackers to execute arbitrary reads and writes through malicious HTML pages, leading to potential remote code execution.
  • CVE-2024-3159: Another critical vulnerability in the V8 JavaScript engine where an out-of-bounds read could let attackers access data beyond the allocated memory, resulting in possible heap corruption and data theft.
author

Anas Hasan

date

May 10, 2024

time

1 year ago

Anas Hassan is a tech geek and cybersecurity enthusiast. He has a vast experience in the field of digital transformation industry. When Anas isn’t blogging, he watches the football games.

Related Stories

Arizona Sees Surge in VPN Demand After Age Verification Laws Take Effect

Arizona Sees Surge in VPN Demand After Age Verification Laws Take Effect
Posted on October 8, 2025
A Single Password Breach Shut Down a 158 Year Old Business

A Single Password Breach Shut Down a 158 Year Old Business
Posted on October 7, 2025
Nepal Social Media Ban: How to Access Facebook, Instagram, and YouTube Safely

Nepal Social Media Ban: How to Access Facebook, Instagram, and YouTube Safely
Posted on September 5, 2025

Have Your Say!!