en
en Global
fr-be Belgium
da Denmark
fi Finland
de-de Germany
en-my Malaysia
nl Netherlands
no Norway
poland Poland
sv Sweden
en-gb UK
Free Trial
Back to all posts
Hacker attacks & exploits

Google Chrome Zero-Day Vulnerability Exploited in the Wild

In yesterday's advisory, Google warned about a critical flaw in its Chrome browser and confirmed that this zero-day vulnerability, its fifth since the start of 2024, has been exploited in the wild. Users of Google Chrome should follow our remediation recommendations below as soon as possible.
Nicola Albanese Nicola Albanese May 10, 2024
Google Chrome Zero-Day Vulnerability Exploited in the Wild

Understanding the Vulnerability: A Memory Issue in Chrome

The identified vulnerability (CVE-2024-4671) is classified as high-severity and has a CVSS v3.1 score of 9.8. It pertains to a “use after free” weakness within the browser's Visuals component, which is responsible for rendering and displaying content.

"Use after free" vulnerabilities are security flaws that occur when a program continues to use a part of the computer’s memory after it's been freed (i.e. memory that is given back for other programs to use). This can cause all sorts of problems. If the memory is changed or given to another program, the previous program using it again alongside the new program can lead to data leaks, code execution, or system crashes. This is because the freed memory may contain altered data or be repurposed by other software components.

Exploited in the Wild

Google's advisory acknowledges that "an exploit for CVE-2024-4671 exists in the wild,"  but has so far not released any additional details. Our Security Research team will continue to monitor this vulnerability and we will provide any updates in the Knowledge Base.

Read the Google Chrome Advisory

What's at Stake if I'm a Chrome User?

Successful exploitation of this vulnerability could allow a cybercriminal to obtain complete control over the host. Depending on the privileges associated with the user logged in during the attack, the cybercriminal could install programs, view, change, or delete data, or even create new accounts with full user rights.

Remediation is as Easy as 1, 2, 3

Google has tackled this issue through the rollout of version 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux. These updates are slated to be progressively distributed over the coming days/weeks. For users on the ‘Extended Stable’ channel, the fixes will be integrated into version 124.0.6367.201 for Mac and Windows, with distribution scheduled for a later stage.

Chrome typically updates automatically when security patches become available. However, Chrome users should verify that they're on the latest version by following the steps below.

Yellow Circle 1In the Chrome browser, navigate to Settings > About Chrome.

Yellow Circle 2If an update is available, launch the update.

Yellow Circle 3Once the update is finished, click the Relaunch button to finalize the patch.

Users should also make sure that all future updates are set to occur automatically.

Find This Vulnerability with Holm Security VMP

The Holm Security Research Team has released a Network Vulnerability Test for Linux, MacOS, and Windows to detect this flaw.

  • HID-2-1-5357523 - Google Chrome < 124.0.6367.201 Use After Free Vulnerability

Read More in the Knowledge Base

 

Remember: the key to effective cyber security is proactive and swift action in the face of emerging threats.
Nicola Albanese

Nicola Albanese

Security Developer in our Security Research Team

Follow me on LinkedIn

Latest articles

Browse all posts