Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue tracked as CVE-2024-4671 is a “user after free” vulnerability in the Visuals component that handles the rendering and display of content on the browser. CVE-2024-4671 was discovered and reported to Google by an anonymous researcher, while the company disclosed that it is likely actively exploited.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,”
reads the advisory without providing additional information. Use after-free flaws are security flaws that occur when a program continues to use a pointer after the memory it points to has been freed, following the completion of its legitimate operations on that region. Because the freed memory could now contain different data or be used by other software or components, accessing it could result in data leakage, code execution, or crash.
