Urgent Chrome Update Fixes CVE-2024-4671 Vulnerability

For many digital enthusiasts, serious security vulnerabilities and the patches manufacturers release for them have become commonplace, whether in Microsoft’s Windows, Google’s Android, or the various browsers.

When manufacturers release patches, they usually provide a brief introduction to the vulnerability, including its basic principles and dangers, so that users are informed.

Doing so also signals the manufacturer’s confidence that the serious vulnerability has been largely resolved; only in such cases is detailed vulnerability information disclosed.


According to industry practice, a new security vulnerability is not disclosed to the public until the manufacturer has confirmed and fixed it. This prevents the vulnerability from being exploited by more hackers and causing greater potential harm and loss.

On May 9, Google released an emergency update for the Chrome browser to fix a very “serious” zero-day vulnerability, numbered “CVE-2024-4671.” How “serious” is this CVE-2024-4671 vulnerability? So serious that Google has not disclosed any specific details about it.

The CVE-2024-4671 vulnerability was discovered by an anonymous researcher and reported to Google on May 8. After Google’s verification and investigation, it was found that the vulnerability is currently being actively exploited by cybercriminals. Even though the patch has now been released, it will take some time for most users to install it.


Therefore, Google has not disclosed the full details of the CVE-2024-4671 vulnerability for now and is expected to disclose it to the public after most users have installed the patch.

Despite this, there are some related rumors that can serve as a rough reference:

Reportedly, CVE-2024-4671 is a use-after-free flaw: a memory pointer can continue to be used after the memory it refers to has been released, potentially leading to unauthorized data operations or crashes. As a result, in versions of Chrome prior to 124.0.6367.201, the Visuals component allows remote attackers to potentially exploit heap corruption through specially crafted HTML pages.

— The CVE-2024-4671 vulnerability is very serious, and Google urges all Chrome browser users to update immediately.

🔼 Google Chrome Updated to 124.0.6367.202

Since the Chrome browser has multiple platform versions, and the latest version numbers are not unified across different platforms, Windows users need to upgrade to Chrome v124.0.6367.202 (please refer to the above image), while Linux users need to upgrade to Chrome v124.0.6367.201.
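The per-platform builds above can be checked across a set of machines. The following is an added example, not code from Google or from the original article: it compares reported Chrome version strings against the Windows and Linux builds named above. The host names and inventory rows are constructed, and platforms the article does not list are reported as `unknown`.

```python
import re

# Minimum builds named in the article; other platforms are not listed there.
FIXED = {
    "windows": (124, 0, 6367, 202),
    "linux": (124, 0, 6367, 201),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def status(platform, version_text):
    """Return 'up_to_date', 'needs_update', or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "unknown"  # platform not covered by the article
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"  # version string could not be parsed
    # Tuples compare numerically per component, so build .91 sorts below .201;
    # a plain string comparison would get this wrong.
    return "up_to_date" if installed >= fixed else "needs_update"


# Constructed inventory rows: (host, platform, reported version string).
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.202"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.91"),
    ("lx-01", "linux", "Google Chrome 124.0.6367.201"),
    ("lx-02", "linux", "Google Chrome 124.0.6367.91"),
    ("lx-03", "linux", "Google Chrome 125.0.6422.60"),
    ("mac-01", "macos", "Google Chrome 124.0.6367.201"),
]


def audit(rows):
    """Map each host to its update status."""
    return {host: status(platform, text) for host, platform, text in rows}


if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```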

Finally, it is important to emphasize that:

The CVE-2024-4671 vulnerability is not limited to the Chrome browser; all browsers based on the Chromium engine are affected, including but not limited to Microsoft Edge and Opera. It is expected that related browser manufacturers will release similar updates soon, so users need to pay close attention and install the updates as soon as possible.

Source: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
