Google released a Chrome 124 update that addresses a zero-day vulnerability, CVE-2024-4671, which the company stated is being actively exploited in the wild. The vulnerability, classified as a high-severity use-after-free bug in the Visuals component, was reported by an anonymous researcher on May 7 and patched within two days. Details on any bug bounty remain undisclosed. The fix for CVE-2024-4671 is included in Chrome 124.0.6367.201/.202 for Mac and Windows, and in Chrome 124.0.6367.201 for Linux. This marks the second Chrome vulnerability exploited in 2024, following CVE-2024-0519, patched in January. A recent report by Google and Mandiant highlighted a significant increase in zero-day vulnerabilities exploited in the wild in 2023, with eight targeting Chrome. Notably, spyware vendors accounted for 75% of known zero-day exploits affecting Google products and Android ecosystem devices in 2023.
Read more: https://www.securityweek.com/exploited-chrome-zero-day-patched-by-google/