OVERVIEW

A zero-day vulnerability, tracked as CVE-2024-4671, has been discovered in Google Chrome and is actively being exploited in the wild. This high-severity vulnerability is a use-after-free issue in the Visuals component. 

Use-after-free vulnerabilities occur when a program improperly references memory after it has been deallocated, potentially leading to crashes or even remote code execution. Depending on the permissions granted to the user, an attacker might be able to execute various actions, including installing software, accessing, modifying, or deleting data, or even creating new accounts with complete user privileges. Those operating with limited user rights may experience less severe consequences compared to those with administrative privileges. 

Google has responded to the vulnerability by releasing security updates. It's important to note that this vulnerability is not limited to Chrome. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the necessary updates as soon as they become available. 

 

 

AVERTIUM'S RECOMMENDATIONS

According to Google’s advisory, the Stable channel has been updated to 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
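To check a browser inventory against the fixed builds listed above, the following added example (not code from Google or Avertium) compares reported Chrome versions numerically rather than as strings. The host names, inventory rows and status labels are constructed for illustration; other Chromium-based browsers are routed to manual review because this notice gives no fixed versions for them.

```python
import re

# Lowest fixed Stable build per platform, taken from the advisory text above
# (Mac and Windows may also report .202, which compares as patched).
FIXED_BUILD = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version tuple from text such as 'Google Chrome 124.0.6367.155'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, product, version_text):
    """Return 'patched', 'needs_update' or 'review' for one inventory row."""
    # Other Chromium-based browsers use their own version numbering.
    if product.strip().lower() != "google chrome":
        return "review"
    fixed = FIXED_BUILD.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"  # unknown platform or unparseable version string
    # Tuple comparison is numeric per component; plain string comparison
    # would wrongly rank '124.0.6367.99' above '124.0.6367.201'.
    return "patched" if version >= fixed else "needs_update"

# Constructed sample inventory: (host, platform, product, reported version)
INVENTORY = [
    ("ws-001", "windows", "Google Chrome", "Google Chrome 124.0.6367.202"),
    ("ws-002", "windows", "Google Chrome", "124.0.6367.99"),
    ("mac-01", "mac", "Google Chrome", "Google Chrome 124.0.6367.201"),
    ("lnx-01", "linux", "Google Chrome", "Google Chrome 123.0.6312.122 "),
    ("ws-003", "windows", "Microsoft Edge", "124.0.2478.97"),
    ("ws-004", "windows", "Google Chrome", "unknown"),
]

def triage(inventory):
    """Map each host to its status."""
    return {host: classify(plat, prod, ver) for host, plat, prod, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```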

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-4671. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 




 

SUPPORTING DOCUMENTATION

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (thehackernews.com) 

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

 
