Google fixes fifth Chrome zero-day exploited in attacks this year

Google patched CVE-2024-4671, the fifth zero-day vulnerability in Chrome this year. It’s a high-severity “user after free” flaw in the Visuals component. Citrix warned admins of the PuTTY SSH client bug. The exploit for CVE-2024-4671 is active, but details are scant. Use after-free flaws occur when a program accesses freed memory, leading to data leakage, code execution, or crashes. Google fixed this in Chrome versions 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux. Users can confirm updates in Settings > About Chrome. This marks the fifth zero-day fixed in 2024, including vulnerabilities from the March Pwn2Own contest:

CVE-2024-0519: High-severity out-of-bounds memory access in Chrome V8 JavaScript engine.

CVE-2024-2887: High-severity type confusion in WebAssembly.

CVE-2024-2886: Use-after-free in WebCodecs API.

CVE-2024-3159: High-severity out-of-bounds read in Chrome V8 JavaScript engine.

Google fixes fifth Chrome zero-day exploited in attacks this year

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Google fixes fifth Chrome zero-day exploited in attacks this year

10-May-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address