Google Releases Security Update for Vulnerability CVE-2024-4671

Security update addresses one high severity vulnerability in Google Chrome that has an exploit in the wild

Threat ID:: CC-4488
Threat Severity:: Medium
Published:: 10 May 2024 4:39 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses one high severity vulnerability in Google Chrome that has an exploit in the wild

Affected platforms

The following platforms are known to be affected:

Google Chrome for Windows, macOS and Linux

All prior to 124.0.6367.201/.202 for Windows
All prior to 124.0.6367.201/.202 for Mac
All prior to 124.0.6367.201 for Linux

Threat details

Introduction

Google has released a security update which addresses a high severity vulnerability in Google Chrome for Windows, Mac, and Linux.

The high severity vulnerability, designated as CVE-2024-4671, relates to a use after free condition in Visuals. A remote attacker could exploit heap corruption via a specially crafted HTML page.

Exploit for CVE-2024-4671 in the wild

Google acknowledges that an exploit for CVE-2024-4671 exists in the wild

Remediation advice

Affected organisations are encouraged to review the Chrome Release 124.0.6367.201 advisory and apply the necessary updates to the latest release.

Definitive source of threat updates

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html

CVE Vulnerabilities

Status Published

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Last edited: 10 May 2024 4:43 pm