Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Google addresses the fifth zero-day vulnerability in Chrome

Written by Caitlin Anthoney | May 14, 2024

Google has patched a zero-day vulnerability in its Chrome browser, safeguarding users from potential exploitation by malicious actors.

 

What happened

Google has issued an update for its Chrome browser, addressing a zero-day vulnerability (CVE-2024-4671) that would have allowed attackers to execute malicious code on users' devices. This marks the fifth time this year that Google has responded to existing exploits.

 

The backstory

The vulnerability, categorized as a "use after free" bug, originates from memory management issues in C-based programming languages. Despite developers' efforts to deallocate memory space once it's no longer needed, these bugs occur when pointers to freed memory are improperly utilized, potentially leading to the execution of malicious code.
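The bug class described above can be seen in a small C program. This is an added illustration, not code from Chrome or from the original article: it notes the unsafe pattern in a comment and implements one common defense, generation-checked handles, so that a reference to a freed object is rejected instead of dereferenced. The `Tab` type, the table size and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (comment only, never executed): free(t); then t->title is
   read later through the stale pointer. The hardened form below uses handles. */
typedef struct { char title[32]; } Tab;          /* constructed object type */
typedef struct { unsigned slot, gen; } Handle;   /* what callers hold */
typedef struct { Tab *obj; unsigned gen; } Slot; /* what the owner tracks */

#define NSLOTS 4
static Slot table[NSLOTS];

/* Allocate an object in the first empty slot and return a handle to it. */
Handle tab_create(const char *title) {
    for (unsigned i = 0; i < NSLOTS; i++) {
        if (!table[i].obj) {
            table[i].obj = calloc(1, sizeof(Tab));
            if (!table[i].obj) break;
            strncpy(table[i].obj->title, title, sizeof(table[i].obj->title) - 1);
            return (Handle){ i, table[i].gen };
        }
    }
    return (Handle){ NSLOTS, 0 };  /* invalid handle: table full or no memory */
}

/* Returns NULL when the handle refers to an object that was already freed. */
Tab *tab_get(Handle h) {
    if (h.slot >= NSLOTS || !table[h.slot].obj || table[h.slot].gen != h.gen)
        return NULL;
    return table[h.slot].obj;
}

void tab_destroy(Handle h) {
    Tab *t = tab_get(h);
    if (!t) return;             /* stale handle: a double free is rejected too */
    free(t);
    table[h.slot].obj = NULL;   /* no dangling pointer stays in the table */
    table[h.slot].gen++;        /* invalidates every outstanding handle */
}

int main(void) {
    Handle a = tab_create("inbox");
    tab_destroy(a);
    Handle b = tab_create("other");  /* reuses the slot with a new generation */
    printf("stale handle -> %s\n", tab_get(a) ? "object" : "rejected");
    printf("live handle  -> %s\n", tab_get(b)->title);
    return 0;
}
```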

This recent Chrome update follows a series of similar security incidents. Earlier this year, Google had to address several other zero-day vulnerabilities, including three found in Chrome during the Pwn2Own hacking contest in March. These vulnerabilities included weaknesses in the Chrome V8 JavaScript engine, the WebAssembly (Wasm) standard, and the WebCodecs API. The vulnerabilities allowed remote attackers to execute arbitrary code, exploit memory corruption issues, and gain unauthorized entry to sensitive data using crafted HTML pages.

 

What was said

According to Chrome Releases, an anonymous source reported the vulnerability on May 7, 2024. Google states that it “is aware that an exploit for CVE-2024-4671 exists in the wild,” emphasizing its severity with a rating of 8.8 out of 10. 

The company promptly announced the release of updated versions of Chrome for macOS, Windows, and Linux to address the issue and mitigate potential risks to users' privacy and security.

 

Why it matters

Zero-day vulnerabilities put users' privacy and security at risk, requiring proactive measures from developers and users to mitigate potential exploits. The frequency of these security updates also demonstrates ongoing cybersecurity threats and the efforts by developers to stay ahead of malicious actors. Moreover, it shows the shared responsibility between developers and users in safeguarding data, contributing to a safer online environment.

 

The bottom line

While Google has patched the reported vulnerabilities, users must promptly update their Chrome browsers to the latest version to mitigate these security risks. Users can confirm the status of their browser's version by going to Settings > About Chrome, allowing the update procedure to finalize, and clicking on the 'Relaunch' button.