Google Chrome: Exploit for zero-day vulnerability spotted

There is a gaping security hole in Google's Chrome web browser for which an exploit exists. Google is responding with an emergency update.

Stylized graphic: Burning Google Chrome logo on a laptop

Security gaps in Google Chrome put users at risk.

(Image: Image created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Google is warning of a security vulnerability in the Chrome web browser. Exploits for it exist in the wild, the company explains: "Google is aware that an exploit for CVE-2024-4671 exists in the wild".

In the release announcement, Google's developers write that a so-called use-after-free vulnerability exists in the Visuals component (CVE-2024-4671, no CVSS value, risk "high" according to Google). With this type of vulnerability, the program code releases resources so that their contents are no longer defined, and then incorrectly accesses them again. With a little skill, attackers can often misuse this to inject and execute malicious code.

The risk rating in turn suggests that malicious actors can attack the vulnerability with a carefully crafted website, for example. The vulnerability was reported to Google on Tuesday, May 7; the programmers completed an update on Thursday of that week. Versions 124.0.6367.201/.202 of Google Chrome for macOS and Windows and 124.0.6367.201 for Linux no longer contain the bug.

The developers have also updated the extended stable versions for macOS and Linux to 124.0.6367.201.

The version dialog reveals whether the browser has already been brought up to date by the automatic update. This can be accessed by clicking on the browser settings menu, which is located behind the symbol with three stacked dots to the right of the address bar. Then continue via "Help" - "About Google Chrome".

The Google Chrome version dialog shows the software version currently in use and starts the update process when an update is available.

(Image: Screenshot / dmk)

After the update, a browser restart is required, which the dialog offers if necessary. Chrome users should quickly check whether they are using the bug-fixed version. On Linux, users usually launch the software management tool of their distribution to get the update.
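For more than a handful of machines, the check against the fixed build named above (124.0.6367.201) can be scripted. The following is an added example, not part of the original article: the hostnames and version readings are constructed, and it assumes stable-channel builds, where a numerically higher version contains the fix.

```python
import re

# First fixed build named in the article (macOS, Windows and Linux).
FIXED = (124, 0, 6367, 201)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version reading."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 6367.99 < 6367.201
    # (a plain string comparison would rank ".99" above ".201").
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map each host in (host, version_text) pairs to its status."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    ("win-01", "Google Chrome 124.0.6367.202"),
    ("mac-02", "Google Chrome 124.0.6367.201"),
    ("lin-03", "Google Chrome 124.0.6367.155 "),
    ("lin-04", "Google Chrome 124.0.6367.99"),
    ("win-05", "Google Chrome 123.0.6312.122"),
    ("mac-06", "version query failed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look, since a failed version query says nothing about the installed build.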

As the vulnerability can be found in the Chromium project, on which Chrome and Microsoft's Edge are based, a corresponding update is also expected for the Redmond browser in the near future.

In mid-April, Google closed numerous security gaps in Chrome, as did Mozilla in Firefox. Ideally, browser users should occasionally check whether they are up to date, to make things as difficult as possible for attackers and reduce the attack surface.

(dmk)