Just days after the weekly Google Chrome security update comes another security update for the web browser. This one is unscheduled, as it fixes a 0-day security issue in Google Chrome that is exploited in the wild.
Google Chrome users should update the browser immediately to protect the browser and their data. Here is how that is done:
- Open Google Chrome on a desktop system.
- Select Menu > Help > About Google Chrome.
The browser displays the current version and runs a check for updates. It should pick up the security update and install it automatically.
Windows users may also launch a command prompt window and run winget upgrade Google.Chrome.EXE to update the browser to the latest version.
One of the following versions should be displayed by Chrome after installation of the update:
- Chrome for Windows or Mac: 124.0.6367.201 or 124.0.6367.202
- Chrome for Linux: 124.0.6367.201
- Chrome Extended for Windows or Mac: 124.0.6367.201
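Checking the version by hand does not scale beyond a few machines. The Python sketch below is an added example, not code from Google or the original article: it compares reported Chrome versions against the fixed builds listed above. The host names and inventory format are constructed, and it assumes that any build at or above the listed one contains the fix.

```python
import re

# Minimum fixed builds for CVE-2024-4671, taken from the version list above.
FIXED = {
    "windows": (124, 0, 6367, 201),
    "mac": (124, 0, 6367, 201),
    "linux": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 124.0.6367.201'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build.
    Tuples compare numerically, so .99 sorts below .201 (a plain string
    comparison would get this wrong). None means the input was unusable."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    return version >= fixed


def audit(inventory):
    """Return hosts that are unpatched or could not be evaluated."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is not True:
            findings.append((host, "unknown" if status is None else "vulnerable"))
    return findings


# Constructed sample inventory (host names and version strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.99"),
    ("mac-01", "mac", "Google Chrome 124.0.6367.201"),
    ("lnx-01", "linux", "Google Chrome 124.0.6367.155 "),
    ("lnx-02", "linux", "chrome: command not found"),
]
```

Hosts reported as unknown need a manual check. The version numbers apply to Google Chrome only, as other Chromium-based browsers use their own version schemes.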
The Chrome 0-day security issue: what we know
Google reveals little about the security issue on the official Chrome Releases website.
[N/A][339266700] High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07
Google is aware that an exploit for CVE-2024-4671 exists in the wild.
The security issue is rated high and it is a use after free in Visuals. It was reported to Google on May 7, 2024, which means that it could have been exploited at least since that date. It is unclear how this issue can be exploited.
Other Chromium-based web browsers are also affected by the issue. This means that browsers such as Microsoft Edge, Vivaldi, Brave, or Opera are all vulnerable until an update is released.
Expect updates for these browsers in the coming hours and days.
Chrome on Android does not seem to be affected by the issue, as Google has not published an update for the browser or made an announcement on the releases blog regarding the platform.
When do you update browsers?
I’m reading a bit more about this CVE, it sounds like a nasty one. Users on Mac, Windows and GNU/Linux distros could have their logged-in user accounts hijacked, allowing exploiters to create new users on the OS or to alter or destroy data. This would be a big problem on a GNU/Linux distro, where most ransomware will not run. If this allowed a hijacker to alter or delete data that could be as destructive as a ransomware attack.