Google Chrome users beware! A critical vulnerability (CVE-2024-4058) has been patched in the latest update (version 124). This flaw could allow attackers to take control of your system.
Google addressed a critical vulnerability (CVE-2024-4058) in its Chrome web browser on Wednesday, April 24th, 2024. This flaw resides within the ANGLE graphics layer engine and carries a “critical” severity rating, indicating its potential for severe exploitation.
While the critical CVE-2024-4058 garnered the most attention, Google’s Chrome update (version 124) also patched two additional high-severity vulnerabilities:
- CVE-2024-4059: This vulnerability is classified as an out-of-bounds read within the V8 JavaScript engine. An out-of-bounds read allows attackers to access memory locations they shouldn’t, potentially revealing sensitive information.
- CVE-2024-4060: This vulnerability is a use-after-free issue in the Dawn component. Use-after-free vulnerabilities can lead to crashes or potentially code execution depending on how they are exploited.
The Importance of Updating
While the specific details and exploitability of CVE-2024-4059 and CVE-2024-4060 are not yet fully public, it’s important to update Chrome regardless. A high-severity rating suggests these vulnerabilities could also be weaponized by attackers, so patching promptly remains the best course of action.
Jason Soroko, Senior Vice President of Product at Sectigo commented on the update stating, “CVE-2024-4058, a Type Confusion in ANGLE, is a vulnerability categorized as critical because it could allow remote code execution (RCE), enabling attackers to put malware onto the victim’s device. This latest vulnerability is a bad one for sure, and therefore it would be critical to patch this immediately.”
How to Protect Yourself
The safest course of action is to update your Google Chrome browser immediately. Google has released Chrome version 124 which addresses this vulnerability alongside other security fixes. Here’s how to update Chrome:
- Windows & Mac: Open Chrome, click the three vertical dots in the top right corner, go to “Help” and then “About Chrome.” Chrome will automatically check for updates and install them if available.
- Linux: The update process for Linux may vary depending on your distribution. Consult your distribution’s documentation for specific update instructions.
Updating to Chrome version 124 protects you from these critical, high-severity, and potentially dangerous vulnerabilities. For additional technical details and a full list of changes in this build visit the Log section.
RELATED TOPICS
- Critical Chrome Update Counters Spyware Vendor’s Exploits
- Google Chrome to Mask User IP Addresses to Protect Privacy
- Fake Chrome Browser Update Installs NetSupport Manager RAT
- CISA Warns of Chrome and Excel Parsing LibraryExploitable Flaws
- Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day