Google recently announced the patching of a high-severity vulnerability, tracked as CVE-2024-4671, in its Chrome browser. This vulnerability, described as a case of use-after-free in the Visuals component, was reported by an anonymous researcher on May 7, 2024.

Understanding the Vulnerability

Use-after-free bugs occur when a program attempts to reference a memory location after it has been deallocated. These bugs can have severe consequences, ranging from system crashes to arbitrary code execution.

Google’s Response

This latest development marks the addressing of two actively exploited zero-day vulnerabilities in Chrome since the beginning of the year. In January, Google patched an out-of-bounds memory access issue in the V8 JavaScript and WebAssembly engine (CVE-2024-0519, CVSS score: 8.8) that had the potential to cause crashes.

Additional Zero-Day Vulnerabilities

In addition to CVE-2024-4671, Google also addressed three other zero-day vulnerabilities that were disclosed during the Pwn2Own hacking contest in Vancouver in March.

Google’s Advisory

Google acknowledged the existence of an exploit for CVE-2024-4671 in the wild but provided limited details about the nature of the exploit or the threat actors behind it.

The prompt response from Google to address the CVE-2024-4671 vulnerability underscores the company’s commitment to maintaining the security of its browser. Users are encouraged to update their Chrome installations promptly to mitigate the risks associated with this vulnerability.