Google Chrome Releases Emergency Update to Fix Sixth Zero-Day Exploit in 2024
In a swift response to a high-severity security threat, Google has issued emergency updates for its Chrome browser, addressing the sixth zero-day vulnerability exploited this year. The update, now available as version 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux, fixes a critical out-of-bounds write flaw in Chrome’s V8 JavaScript engine.
The newly identified vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write issue, which occurs when a program writes data outside an allocated array or buffer. This flaw could potentially lead to unauthorised data access, arbitrary code execution, or program crashes. Google has confirmed that this exploit has been used in the wild, highlighting the urgency of the update.
This emergency fix follows closely on the fix for another zero-day vulnerability, CVE-2024-4671, addressed just three days prior. That vulnerability stemmed from a use-after-free weakness in Chrome’s Visuals component.
Google’s advisory emphasises the critical nature of these updates: “Google is aware that an exploit for CVE-2024-4761 exists in the wild.” The advisory also notes that an anonymous researcher reported the flaw on May 9, 2024. To protect user security, Google will restrict access to detailed information about the bug until most users have updated their browsers.
How to Update Google Chrome
Chrome typically updates automatically when new security updates are available. However, users can manually ensure they are running the latest version by navigating to Settings > About Chrome, allowing the update to complete, and then clicking the ‘Relaunch’ button to apply it.
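For administrators who need to confirm the update across many machines, the following added example (not from Google or the original article) classifies inventory records against the fixed build 124.0.6367.207 named above. The inventory format, hostnames and function names are assumptions made for illustration, and the sample records are constructed.

```python
import re

# Fixed builds named in the article (124.0.6367.207/.208 for Mac and Windows,
# 124.0.6367.207 for Linux). Any build at or above .207 carries the fix.
FIXED_BUILD = {
    "windows": (124, 0, 6367, 207),
    "mac": (124, 0, 6367, 207),
    "linux": (124, 0, 6367, 207),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return None if none is present."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    minimum = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # never assume an unparseable record is safe
    return "patched" if version >= minimum else "vulnerable"


def triage(inventory):
    """Group hostnames by status so unpatched and unknown hosts stand out."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("wks-01", "windows", "Google Chrome 124.0.6367.208"),
    ("wks-02", "windows", "Google Chrome 124.0.6367.202"),
    ("mac-07", "mac", "Google Chrome 124.0.6367.207"),
    ("lnx-03", "linux", "Google Chrome 123.0.6312.122"),
    ("lnx-04", "linux", "Google Chrome 125.0.6422.60"),
    ("kiosk-9", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

A host that reports a fixed build on disk can still be running the old binary until Chrome is relaunched, so treat "patched" here as "update installed" rather than "update active".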
History of Chrome Zero-Day Vulnerabilities in 2024
This latest fix marks the sixth zero-day vulnerability patched by Google Chrome this year. The previously addressed vulnerabilities include:
- CVE-2024-0519: A high-severity out-of-bounds memory access flaw in the V8 JavaScript engine, potentially leading to unauthorised access to sensitive information.
- CVE-2024-2887: A type confusion flaw in the WebAssembly (Wasm) standard, allowing remote code execution via a crafted HTML page.
- CVE-2024-2886: A use-after-free vulnerability in the WebCodecs API, exploited to perform arbitrary reads and writes through crafted HTML pages.
- CVE-2024-3159: An out-of-bounds read issue in the V8 JavaScript engine, leading to heap corruption and potential data leakage.
- CVE-2024-4671: A use-after-free flaw in the Visuals component affecting content rendering and display.
Importance of Prompt Updates
Regular updates are crucial in maintaining web browser security against emerging threats. Google’s rapid response to these vulnerabilities underscores the importance of user vigilance and timely updates. Users must update their Chrome browsers immediately to protect against these exploits.
For more detailed information, visit BleepingComputer’s report and the official Google Chrome Releases blog.
About Inside Traffic
Inside Traffic is your go-to source for the latest cybersecurity news, expert insights, and practical advice on protecting your digital world. Visit us at insidetraffic.in for more updates and information.