OVERVIEW

Google has just released emergency security updates for the Chrome browser to address a critical zero-day vulnerability. This latest vulnerability, tracked as CVE-2024-4761 (CVSS 8.8), has been actively exploited in attacks. 

The vulnerability stems from an out-of-bounds write in Chrome's V8 JavaScript engine, the component responsible for executing JavaScript code within the browser. This kind of vulnerability can lead to unauthorized data access, arbitrary code execution, or application crashes.

CVE-2024-4761 has been addressed by Google and the company recommends ensuring Chrome browsers are updated to version 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux. The updates will be rolled out to users over the coming days/weeks. For users on the 'Extended Stable' channel, fixes will be available in version 124.0.6367.207 for Mac and Windows. 

 

 

AVERTIUM'S RECOMMENDATIONS

  • While Chrome typically updates automatically, you can confirm you are running the latest version by navigating to Settings > About Chrome.
    • If an update is available, allow it to finish, and then click on the 'Relaunch' button to apply the update. 
  • See Google’s advisory for more information regarding updates. 
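
An added example, not taken from Avertium's notice or Google's advisory: a small Python audit that compares reported Chrome version strings against the fixed build 124.0.6367.207 named above. The inventory, the hostnames, and the assumption that each endpoint reports a string in the form printed by `google-chrome --version` are constructed for illustration.

```python
import re

# Fixed build named in this notice (same minimum for Mac, Windows and Linux).
FIXED_BUILD = (124, 0, 6367, 207)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract the four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_BUILD):
    """True if at or above the fixed build, False if below, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Compare as integer tuples: as plain strings, "124.0.6367.91" sorts
    # above "124.0.6367.207" and an unpatched host would pass the check.
    return version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(raw)] for host, raw in inventory.items()}


# Constructed sample inventory: hostnames and reported strings are made up.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 124.0.6367.207",
    "ws-002": "Google Chrome 124.0.6367.201",
    "ws-003": "Google Chrome 124.0.6367.91 ",  # numerically below .207
    "mac-004": "Google Chrome 124.0.6367.208",
    "lin-005": "Google Chrome 125.0.6422.60",
    "lin-006": "chrome not found",  # no version reported
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check through Settings > About Chrome.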

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-4761. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.




 

SUPPORTING DOCUMENTATION

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

Google fixes sixth actively exploited Chrome zero-day this year (securityaffairs.com) 

Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com) 

 
