Google Sounds Warning For Major Chrome Zero Day Flaw, Patch ASAP

Pile of Google Chrome browser logos, one of which has a bandaid applied.
Billions of Google Chrome browser users around the globe are urged to apply the latest security update, which contains a fix for a nasty exploit with a high severity rating. Dubbed CVE-2024-4671, the security flaw is described as a "use after free" vulnerability in Chrome's Visual component, which handles rendering and displaying content.

Left unpatched, a remote attacker without physical access to a system would be able to compromise the renderer process "to potentially perform a sandbox escape via a crafted HTML page," hence the High security rating. Put another way, a user running a vulnerable (unpatched) Chrome build could suffer a range of undesirable consequences simply by visiting a malicious website, with a browser crash being the best case scenario.

In more severe cases, a remote attacker could run arbitrary code on an affected system to install malware or steal data. And more than just a theoretical or proof-of-concept threat, Google stated in an advisory that it is aware of hackers actively exploiting CVE-2024-4671 in the wild.

Full details of the vulnerability are being kept under lock and key by Google for the moment, which is standard practice for this sort of thing. Google isn't keen on spilling the beans until a large enough percentage of users have been able to update their browser for immunity against the threat.

Therein also lies some good news, with Google wasting little time doling out a fix. Most Chrome browsers will fetch updates automatically, but in these cases, it's best to manually check for and install the latest security patch. You can do this by clicking on the three vertical dots in the upper-right corner and selecting Help > About Google Chrome. You'll then be prompted to relaunch the browser, which will reload all of your open tabs in the process.

Google Chrome About pages showing the version number.

In Windows, the latest update brings the official build to version 124.0.6367.202 at the time of this writing. Chrome versions prior to 124.0.6367.201 are vulnerable to CVE-2024-4671.

Chrome is by far the most dominant browser on the planet as it relates to market share. According to the latest figures from StatCounter, Chrome's worldwide market share is over 65%, with Safari sitting a distant second place at 18.12%.