Google Chrome has been updated with fixes for a zero-day security flaw that was being actively exploited in the wild, according to the search giant. The vulnerability affects a component in Chrome that renders web content on a user’s screen, and attackers can exploit it when a user visits a maliciously crafted website. Chrome users on all desktop platforms will need to update their browser to the latest version to stay protected.
According to details shared by the company in a blog post, the latest stable versions of Google Chrome for Windows, macOS, and Linux include a fix for a security flaw with a ‘High’ severity rating. Google says it has patched a use-after-free vulnerability (CVE-2024-4671) in Chrome’s Visuals component, reported by an anonymous external researcher.
A use-after-free vulnerability would allow an attacker to access out-of-bounds memory when a user visits a maliciously crafted webpage. This would allow them to access data remotely, or gain access to and control of the system.
Notably, Google’s blog post also states that the company “is aware that an exploit for CVE-2024-4671 exists in the wild.” As a result, it is imperative that users make sure they are running the latest stable version of Chrome: version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux computers.
On Windows, users can click on the three-dot menu at the top right corner of the screen, then click on Help > About Google Chrome, then click on Update Google Chrome — if this button isn’t visible, that means the latest version of Chrome has already been installed. macOS users can also select the Automatically update Chrome for all users option in the same menu to get the latest updates, while Linux users will need to get automatic updates via their package manager.
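To confirm that a machine is on a fixed build, the version string can be compared against the release named above. The script below is an added example, not code from Google or the original article; it assumes version strings in the `Google Chrome <version>` form printed by `google-chrome --version` on Linux, and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Chrome builds older than the fixed release in the article.
# 124.0.6367.201 is the lowest fixed build the article lists for any platform.
FIXED_VERSION="124.0.6367.201"

# Print the first four-part dotted version found in the argument, e.g.
# "Google Chrome 124.0.6367.201" -> "124.0.6367.201". Prints nothing if absent.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeed if four-part version A is strictly older than B.
# Components are compared numerically, left to right.
version_lt() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        fa=${a%%.*}; fb=${b%%.*}      # leading component of each version
        a=${a#*.};   b=${b#*.}        # remainder after the first dot
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1                          # equal versions are not "older"
}

# check_chrome "<version output>": prints PATCHED, NEEDS_UPDATE or UNKNOWN.
check_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo UNKNOWN                  # no parsable version: investigate manually
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo NEEDS_UPDATE
    else
        echo PATCHED
    fi
}

# Constructed sample inventory lines (not real telemetry).
for line in "Google Chrome 123.0.6312.122" "Google Chrome 124.0.6367.155" \
            "Google Chrome 124.0.6367.201" "Google Chrome 124.0.6367.202" \
            "chrome: command not found"; do
    printf '%-32s %s\n' "$line" "$(check_chrome "$line")"
done

# On a Linux host with Chrome on PATH, check the installed build as well.
if command -v google-chrome >/dev/null 2>&1; then
    check_chrome "$(google-chrome --version)"
fi
```

Treat an `UNKNOWN` result as a host to inspect rather than as a pass, since it means no version could be parsed from the input.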