The identified vulnerability (CVE-2024-4671) is classified as high-severity and has a CVSS v3.1 score of 9.8. It pertains to a “use after free” weakness within the browser's Visuals component, which is responsible for rendering and displaying content.
"Use after free" vulnerabilities are memory-safety flaws that occur when a program continues to use a region of memory after it has been freed (i.e. handed back so that other code can reuse it). Once freed, that memory may be overwritten with different data or reassigned to another software component, so accessing it again through the old, dangling reference can lead to data leaks, code execution, or system crashes.
Google's advisory acknowledges that "an exploit for CVE-2024-4671 exists in the wild," but has not released any additional details so far. Our Security Research team will continue to monitor this vulnerability, and we will provide any updates in the Knowledge Base.
Read the Google Chrome Advisory
Successful exploitation of this vulnerability could allow a cybercriminal to obtain complete control over the host. Depending on the privileges of the user logged in during the attack, the cybercriminal could install programs; view, change, or delete data; or even create new accounts with full user rights.
Google has addressed this issue with the rollout of version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux. These updates are slated to be distributed progressively over the coming days and weeks. For users on the 'Extended Stable' channel, the fixes will be integrated into version 124.0.6367.201 for Mac and Windows, with distribution scheduled for a later stage.
Chrome typically updates automatically when security patches become available. However, Chrome users should verify that they're on the latest version by following the steps below.
Users should also make sure that all future updates are set to occur automatically.
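As an added example (not part of the advisory or of Holm Security's tooling), the following Python helper compares an installed Chrome version against the first fixed builds listed above, so a fleet inventory or script can flag browsers that still need the update. The `extract_version` helper assumes the version string appears in the text it is given, as in the output of `google-chrome --version`; the sample output in `main` is constructed.

```python
import re

# First fixed builds per platform for CVE-2024-4671, taken from the advisory text.
# Later builds (e.g. the .202 Mac/Windows build) compare as patched automatically.
FIXED_VERSIONS = {
    "windows": "124.0.6367.201",
    "mac": "124.0.6367.201",
    "linux": "124.0.6367.201",
}

_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\b")


def extract_version(text: str) -> str:
    """Pull the first four-part dotted version out of free-form text."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in: {text!r}")
    return match.group(1)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '124.0.6367.201' into (124, 0, 6367, 201) so tuples compare numerically."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(platform: str, installed: str) -> bool:
    """True when the installed build is at or above the first fixed build for the platform."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[key])


def main() -> None:
    # Constructed sample of `google-chrome --version` output on a Linux host.
    sample_output = "Google Chrome 124.0.6367.118 "
    version = extract_version(sample_output)
    status = "patched" if is_patched("linux", version) else "NEEDS UPDATE"
    print(f"linux Chrome {version}: {status}")


if __name__ == "__main__":
    main()
```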
The Holm Security Research Team has released a Network Vulnerability Test for Linux, MacOS, and Windows to detect this flaw.
Read More in the Knowledge Base
Remember: the key to effective cyber security is proactive and swift action in the face of emerging threats.