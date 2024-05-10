



Google has released a security update for its Chrome browser to fix a zero-day vulnerability exploit used by threat actors. Bleeping Computer reports that this is the fifth time this year that the company has had to issue a patch for one of these vulnerabilities.

“Google is aware that an exploit for CVE-2024-4671 is in the wild,” the company said in a short advisory. He did not specify the nature of the attack or the identity of the attacker. This is common as Google prefers to wait until the majority of users have updated their software before announcing specific details.

We know a few things about this exploit. This is classified as a high severity issue and as a post-user vulnerability. These bugs occur when a program references a memory location that has been deallocated, and can have serious consequences ranging from crashes to random execution of code. CVE-2024-4671 The vulnerability appears to be tied to the visual component that handles rendering and displaying content on the browser.

This exploit was discovered by an anonymous researcher and reported to Google. The fix is ​​available for his Mac, Windows, and Linux, and the update will be rolled out to users over the coming days and weeks. Chrome automatically updates with security fixes, so users can[設定]and[Chrome について]You can make sure you're running the latest version of your browser by going to Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also update to new versions as soon as they become available.

As mentioned above, this is the fifth flaw of this kind that Google has addressed this year. It does not mean within the past calendar year. That is, 2024. 3 He was discovered at the Pwn2Own hacking contest held in Vancouver in March. This is not a record or anything. Google discovered and fixed 5 items in 1 month in 2020.

Zero-day exploits are a constant thorn in Google's side. These are a type of cyberattack that takes advantage of unknown or unresolved security flaws in computer software, hardware, or firmware. The company typically pays large sums of money to find bugs as part of its vulnerability bounty program.

