Google has released Chrome version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-4671.

According to the official Chrome Releases blog, “Google is aware that an exploit for CVE-2024-4671 exists in the wild”.

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CERT-PH recommends the following actions be taken:

  • Kindly review and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report:
    • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
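To confirm that the update has been applied across a fleet, the following added example (not part of the original advisory) classifies reported Chrome versions against the fixed build 124.0.6367.201 named above. The inventory line format `host,os,version string`, the host names and the sample versions are constructed assumptions.

```python
import re

# First fixed build per the advisory: versions prior to this are affected.
FIXED = (124, 0, 6367, 201)

# Four dot-separated numeric fields, as in Chrome's version string.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the Chrome version in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Classify a reported version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual follow-up; do not count as safe
    # Tuple comparison is numeric per field; comparing the raw strings would
    # rank "99.0.4844.51" above "124.0.6367.201".
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory_lines):
    """Map host -> status for 'host,os,version string' lines (assumed format)."""
    report = {}
    for line in inventory_lines:
        host, _os, reported = (f.strip() for f in line.split(",", 2))
        report[host] = classify(reported)
    return report


# Constructed sample inventory; host names and versions are illustrative.
SAMPLE = [
    "ws-001,windows,Google Chrome 124.0.6367.202",
    "ws-002,mac,Google Chrome 124.0.6367.201",
    "ws-003,linux,Google Chrome 124.0.6367.155",
    "ws-004,windows,Google Chrome 99.0.4844.51",
    "ws-005,linux,Google Chrome 125.0.6422.60",
    "ws-006,mac,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand, since a missing or unparseable version string says nothing about whether the installed build is patched.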