Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Exploited Chrome Zero-Day Patched by Google

A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.

CVE-2024-5274

A Chrome 124 update released by Google on Thursday patches a zero-day vulnerability for which, according to the internet giant, an exploit exists in the wild.

The zero-day is tracked as CVE-2024-4671 and it has been described by Google as a high-severity use-after-free bug in the Visuals component. 

The company has credited an anonymous researcher for reporting the vulnerability on May 7, which means it only took two days to develop and release a patch.

Google’s advisory provides no information on a bug bounty. 

In addition, no information is available on the attacks exploiting CVE-2024-4671, but Chrome vulnerabilities are often targeted by commercial spyware vendors. 

Chrome 124.0.6367.201/.202 for Mac and Windows and Chrome 124.0.6367.201 for Linux contain the patch for CVE-2024-4671.

According to Google, this is the second Chrome vulnerability of 2024 that has been exploited in malicious attacks. The first is CVE-2024-0519, which the company patched in January. 

In a recent report, Google and Mandiant said they monitored 97 zero-day vulnerabilities exploited in the wild in 2023, a 50% increase compared to the previous year. 

Advertisement. Scroll to continue reading.

Eight of the zero-days targeted Chrome. The companies said spyware vendors were behind 75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023.

Related: Google Patches Critical Chrome Vulnerability

Related: Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities

Related: Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities

Related: Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights