Google has up to date its Chrome browser to patch a high-severity zero-day vulnerability that enables attackers to execute malicious code on finish person gadgets. The repair marks the fifth time this 12 months the corporate has up to date the browser to guard customers from an present malicious exploit.
The vulnerability, tracked as CVE-2024-4671, is a “use after free,” a category of bug that happens in C-based programming languages. In these languages, builders should allocate reminiscence house wanted to run sure purposes or operations. They do that by utilizing “pointers” that retailer the reminiscence addresses the place the required knowledge will reside. As a result of this house is finite, reminiscence places ought to be deallocated as soon as the appliance or operation not wants it.
Use-after-free bugs happen when the app or course of fails to clear the pointer after releasing the reminiscence location. In some circumstances, the pointer to the freed reminiscence is used once more and factors to a brand new reminiscence location storing malicious shellcode planted by an attacker’s exploit, a situation that may outcome within the execution of this code.
On Thursday, Google mentioned an nameless supply notified it of the vulnerability. The vulnerability carries a severity ranking of 8.8 out of 10. In response, Google mentioned, it could be releasing variations 124.0.6367.201/.202 for macOS and Home windows and 124.0.6367.201 for Linux in subsequent days.
“Google is conscious that an exploit for CVE-2024-4671 exists within the wild,” the corporate mentioned.
Google didn’t present another particulars in regards to the exploit, comparable to what platforms have been focused, who was behind the exploit, or what they have been utilizing it for.
Counting this newest vulnerability, Google has mounted 5 zero-days in Chrome up to now this 12 months. Three of the earlier ones have been utilized by researchers within the Pwn-to-Personal exploit contest. The remaining one was for a vulnerability for which an exploit was obtainable within the wild.
Chrome mechanically updates when new releases grow to be obtainable. Customers can drive the replace or verify they’re working the newest model by going to Settings > About Chrome and checking the model and, if wanted, clicking on the Relaunch button.
Google has up to date its Chrome browser to patch a high-severity zero-day vulnerability that enables attackers to execute malicious code on finish person gadgets. The repair marks the fifth time this 12 months the corporate has up to date the browser to guard customers from an present malicious exploit.
The vulnerability, tracked as CVE-2024-4671, is a “use after free,” a category of bug that happens in C-based programming languages. In these languages, builders should allocate reminiscence house wanted to run sure purposes or operations. They do that by utilizing “pointers” that retailer the reminiscence addresses the place the required knowledge will reside. As a result of this house is finite, reminiscence places ought to be deallocated as soon as the appliance or operation not wants it.
Use-after-free bugs happen when the app or course of fails to clear the pointer after releasing the reminiscence location. In some circumstances, the pointer to the freed reminiscence is used once more and factors to a brand new reminiscence location storing malicious shellcode planted by an attacker’s exploit, a situation that may outcome within the execution of this code.
On Thursday, Google mentioned an nameless supply notified it of the vulnerability. The vulnerability carries a severity ranking of 8.8 out of 10. In response, Google mentioned, it could be releasing variations 124.0.6367.201/.202 for macOS and Home windows and 124.0.6367.201 for Linux in subsequent days.
“Google is conscious that an exploit for CVE-2024-4671 exists within the wild,” the corporate mentioned.
Google didn’t present another particulars in regards to the exploit, comparable to what platforms have been focused, who was behind the exploit, or what they have been utilizing it for.
Counting this newest vulnerability, Google has mounted 5 zero-days in Chrome up to now this 12 months. Three of the earlier ones have been utilized by researchers within the Pwn-to-Personal exploit contest. The remaining one was for a vulnerability for which an exploit was obtainable within the wild.
Chrome mechanically updates when new releases grow to be obtainable. Customers can drive the replace or verify they’re working the newest model by going to Settings > About Chrome and checking the model and, if wanted, clicking on the Relaunch button.