OVERVIEW
A zero-day vulnerability, tracked as CVE-2024-4671, has been discovered in Google Chrome and is actively being exploited in the wild. This high-severity vulnerability is a use-after-free issue in the Visuals component.
Use-after-free vulnerabilities occur when a program improperly references memory after it has been deallocated, potentially leading to crashes or even remote code execution. Depending on the permissions granted to the user, an attacker might be able to execute various actions, including installing software; accessing, modifying, or deleting data; or even creating new accounts with complete user privileges. Users operating with limited rights may experience less severe consequences than those with administrative privileges.
Google has responded to the vulnerability by releasing security updates. It's important to note that this vulnerability is not limited to Chrome. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the necessary updates as soon as they become available.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2024-4671. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION