Tech

Chrome Users Beware: New Zero-Day Vulnerability (CVE-2024-4761)

Chrome Users Beware: New Zero-Day Vulnerability (CVE-2024-4761)

Published on May 16th, 2024

Google has released emergency patches to address a critical zero-day vulnerability (CVE-2024-4761) actively exploited in the wild.

This high-severity flaw resides within Chrome’s V8 JavaScript and WebAssembly engine, a core component responsible for processing web page scripts.

Understanding CVE-2024-4761: An Out-Of-Bounds Write Vulnerability

The vulnerability, classified as an out-of-bounds write bug, empowers malicious actors to potentially corrupt critical data, crash the application, or even execute arbitrary code on compromised systems.

This grants attackers unauthorized control over the affected device, enabling them to steal sensitive information, deploy malware, or disrupt system functionalities.

Google Responds Swiftly, But Details Remain Limited

Google has acknowledged the existence of a working exploit targeting this vulnerability.

However, specifics regarding the exploit’s nature are being withheld to prevent further exploitation by other malicious actors.

This approach aims to limit the window of opportunity for attackers while a majority of users receive the security update.

Six Chrome Zero-Days Patched In 2024: A Concerning Trend

This latest discovery marks the sixth zero-day vulnerability patched by Google in Chrome so far this year.

Three of these vulnerabilities were even publicly demonstrated at the Pwn2Own hacking contest earlier in March, highlighting the escalating focus on browser vulnerabilities by attackers.

Protecting Yourself: Update Chrome Immediately

To mitigate potential threats posed by CVE-2024-4761, Chrome users are urged to update their browsers to the latest version:

  • Windows & macOS: Chrome version 124.0.6367.207/.208
  • Linux: Chrome version 124.0.6367.207 (available in the coming days/weeks)

It’s crucial to note that users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the updates once available from their respective vendors.