A Chrome 124 update released by Google on Thursday patches a zero-day vulnerability for which, according to the internet giant, an exploit exists in the wild.
The zero-day is tracked as CVE-2024-4671 and it has been described by Google as a high-severity use-after-free bug in the Visuals component.
The company has credited an anonymous researcher for reporting the vulnerability on May 7, which means it only took two days to develop and release a patch.
Google’s advisory provides no information on a bug bounty.
In addition, no information is available on the attacks exploiting CVE-2024-4671, but Chrome vulnerabilities are often targeted by commercial spyware vendors.
Chrome 124.0.6367.201/.202 for Mac and Windows and Chrome 124.0.6367.201 for Linux contain the patch for CVE-2024-4671.
According to Google, this is the second Chrome vulnerability of 2024 that has been exploited in malicious attacks. The first is CVE-2024-0519, which the company patched in January.
In a recent report, Google and Mandiant said they monitored 97 zero-day vulnerabilities exploited in the wild in 2023, a 50% increase compared to the previous year.
Eight of the zero-days targeted Chrome. The companies said spyware vendors were behind 75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023.
Related: Google Patches Critical Chrome Vulnerability
Related: Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities
Related: Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities
Related: Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own
