Flash Notice: Google Patches Actively Exploited Zero-Day - CVE-2024-4761

overview

Google has just released emergency security updates for the Chrome browser to address a critical zero-day vulnerability. This latest vulnerability, tracked as CVE-2024-4761 (CVSS 8.8), has been actively exploited in attacks. 

The vulnerability stems from an out-of-bounds write issue within Chrome's V8 JavaScript engine, responsible for executing JavaScript code within the browser. This kind of vulnerability can lead to unauthorized data access, arbitrary code execution, or even crashes of the application. 

CVE-2024-4761 has been addressed by Google and the company recommends ensuring Chrome browsers are updated to version 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux. The updates will be rolled out to users over the coming days/weeks. For users on the 'Extended Stable' channel, fixes will be available in version 124.0.6367.207 for Mac and Windows. 

avertium's recommendationS

• While Chrome typically updates automatically, you can confirm you are running the latest version by navigating to Settings > About Chrome.  
  • If an update is available, allow it to finish, and then click on the 'Relaunch' button to apply the update. 
• See Google’s advisory for more information regarding updates. 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-4761. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

SUPPORTING DOCUMENTATION