Google just patched the fifth zero-day exploit for Chrome this year

We highly recommend checking to see if your browser is updated to the latest version.

Unsplash / Clint Patterson

Google has released a security update for the Chrome browser to fix a zero-day vulnerability exploit that has been used by threat actors. This is the fifth time this year the company has had to issue a patch for one of these vulnerabilities, as reported by Bleeping Computer.

"Google is aware that an exploit for CVE-2024-4671 exists in the wild," the company said in a short advisory. It did not issue any specifics as to the nature of the real-world attack or the identity of the threat actors. This is common for Google, as it likes to wait until a majority of users have updated the software before announcing specific details.

We do know some stuff about the exploit. It’s being classified as a “high-severity issue” and as a “user after free” vulnerability. These bugs arise when a program references a memory location after it has been deallocated, leading to any number of serious consequences from a crash to a random execution of code. It looks like the CVE-2024-4671 vulnerability is attached to the visuals component that handles rendering and the display of content on the browser.

The exploit was discovered and reported to Google by an anonymous researcher. The fix is available for Mac, Windows and Linux and updates will continue to roll out to users over the coming days and weeks. Chrome updates automatically with security fixes, so users can confirm they are running the latest version of the browser by going to Settings and About Chrome. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera and Vivaldi should also update to a new version as soon as they are available.

As stated, this is the fifth of this type of flaw addressed by Google this year. I don’t mean “within the last calendar year.” I mean in 2024. Three were discovered back in March at the Pwn2Own hacking contest in Vancouver. This isn’t a record or anything. Google found and fixed five in one month back in 2020.

Zero-day exploits have been a constant thorn in Google’s side. These are a type of cyberattack that take advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. The company typically pays out big money for bug discoveries, as part of its Vulnerability Rewards Program.