
Chrome 142 Update Patches Exploited Zero-Day Vulnerability CVE-2024-4671
Google has released Chrome 142.0.7254.146/.147 for Windows and macOS, and Chrome 142.0.7254.146 for Linux to address a zero-day vulnerability identified as CVE-2024-4671. This vulnerability is a use-after-free issue in the Visuals component of Chrome and has been actively exploited in the wild. The exploit was reported by Google's Threat Analysis Group (TAG), which attributed the exploitation to a commercial spyware vendor. Use-after-free vulnerabilities can lead to arbitrary code execution, posing a significant risk to users. The widespread use of Chrome makes this vulnerability particularly concerning, as it could affect millions of users globally. The involvement of commercial spyware vendors indicates that the exploit may have been used for targeted surveillance or espionage activities. Organizations and individual users are strongly advised to update their Chrome browsers immediately to mitigate the risk of exploitation. This incident underscores the importance of timely patching and robust vulnerability management practices. Cybersecurity professionals should ensure that their patch management processes are up-to-date and that users are educated about the risks associated with unpatched software. Additionally, continuous monitoring and threat intelligence sharing can help organizations stay ahead of emerging threats.