Vulnerability would allow a remote attacker to perform a sandbox escape via a crafted HTML page.
Google has said that it is aware that an exploit for CVE-2024-4671 exists in the wild, and issued a fix for the zero-day vulnerability.
The vulnerability, rated as high, impacts Google Chrome for Windows, Mac, and Linux and relates to a use after free condition in Visuals.
An advisory from MITRE explained that exploiting the vulnerability would allow a remote attacker - who had compromised the renderer process - to potentially perform a sandbox escape via a crafted HTML page.
This is the fifth zero-day fix of 2024 by Google Chrome, with two fixes coming in March.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Streamlining the lifecycle of joiners, movers, and leavers using no-code automation
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
