Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4671)

Google has released updates to address an actively exploited vulnerability in the Chrome browser. The vulnerability is tracked as CVE-2024-4671, and Google has given it a high severity rating. It is a use-after-free vulnerability in the Visuals component. In the advisory, Google stated that it is aware of active exploitation of the vulnerability.

CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA has asked users to patch the flaw before June 3, 2024.

Affected Versions

Google Chrome versions before 124.0.6367.201 are affected by this vulnerability.

Mitigation

Customers are requested to upgrade to the latest stable channel version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux.

In the coming weeks, Google will release Extended Stable channel 124.0.6367.201 for Mac and 120.0.6099.225 for Windows.

For more information, please refer to the Google Chrome Release Page.

Qualys Detection

Qualys customers can scan their devices with QIDs 379767 and 379772 to detect vulnerable assets.

Microsoft has released the Edge Stable Channel (Version 124.0.2478.97) to address CVE-2024-4671, which the Chromium team has reported as being exploited in the wild.
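The fixed versions given above can be checked against a software inventory. The following Python script is an added example, not code from Qualys, Google or Microsoft; the banner formats, the hostnames and the rule that Edge builds below 124.0.2478.97 are affected are assumptions, and Extended Stable builds are not modelled.

```python
import re

# First fixed Stable builds named on this page. Treating anything lower as
# affected is the page's rule for Chrome and an assumption for Edge.
FIXED = {
    "chrome": (124, 0, 6367, 201),
    "edge": (124, 0, 2478, 97),
}
# Product keywords expected in a "--version" style banner (assumed formats).
PRODUCT_RE = {
    "chrome": re.compile(r"\bchrome\b", re.I),
    "edge": re.compile(r"\b(?:edge|msedge)\b", re.I),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_banner(banner):
    """Return (product, version tuple) from a banner string, or None."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    for product, pattern in PRODUCT_RE.items():
        if pattern.search(banner):
            return product, tuple(int(part) for part in match.groups())
    return None  # a browser this check does not cover

def status(banner):
    """Classify one banner as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    product, version = parsed
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank 124.0.6367.91 above 124.0.6367.201.
    return "vulnerable" if version < FIXED[product] else "patched"

# Constructed inventory: hostnames and banners are made up for this example.
INVENTORY = {
    "ws-01": "Google Chrome 124.0.6367.91",
    "ws-02": "Google Chrome 124.0.6367.202",
    "ws-03": "Microsoft Edge 124.0.2478.80",
    "ws-04": "Microsoft Edge 124.0.2478.97",
    "ws-05": "Chromium 124.0.6367.60 snap",
}

def triage(inventory):
    """Map each host to its status so unpatched hosts can be prioritised."""
    return {host: status(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" need a manual check, since other Chromium-based browsers ship fixes under their own version numbers.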

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
