CVE-2024-4761: New Chrome Zero-Day Vulnerability Under Active Exploitation

In response to a fresh zero-day vulnerability in the Chrome web browser that is being actively exploited in the wild, Google released emergency remedies on Monday.

Outside the bounds Malicious actors could usually use write defects to damage data, cause a crash, or run arbitrary code on vulnerable computers.

To stop more threat actors from using the vulnerability as a weapon, more information regarding the nature of the attacks has been kept secret. The information was released just a few days after the business addressed CVE-2024-4671, a Visuals component use-after-free vulnerability that has also been used in real-world assaults. Three of the zero-days that were fixed at the Pwn2Own hacking competition in Vancouver in March were among the six zero-days that Google has fixed since the beginning of the year with the most recent patch.

Out-of-bounds memory access in V8 is identified as CVE-2024-0519 (currently exploited)

Use-after-free in WebCodecs: CVE-2024-2886

Type misunderstanding in WebAssembly (CVE-2024-2887)

V8 Out-of-bounds Memory Access CVE-2024-3159

CVE-2024-4671: Actively exploited use-after-free vulnerability in Visuals

To reduce possible risks, users are advised to update to Chrome versions 124.0.6367.207/.208 for Windows and macOS and 124.0.6367.207 for Linux. It's also recommended that users of Chromium-based browsers like Vivaldi, Microsoft Edge, Brave, Opera, and Opera update the changes as soon as they become available.