Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

A new Chrome JavaScript security hole is nasty, so get to patching your systems.
Written by Steven Vaughan-Nichols, Senior Contributing Editor
Chrome logo in sand.
Jack Wallen/ZDNET

Google has released a critical security update for the Chrome web browser. The zero-day flaw, CVE-2024-4671, is a "use-after-free" vulnerability in Chrome's Visuals component.

You might be asking, "what is Chrome's Visuals component?" In short, it's the part responsible for rendering and displaying content in the browser. Everyone uses a browser to open content, so everyone's vulnerable.

Also: The best VPN services of 2024: Expert tested and reviewed

Specifically, the vulnerability enables an attacker to exploit out-of-bounds memory access. In English, that means if you go to a website with a malicious webpage, it can foul up your computer. It doesn't matter if your machine's running Linux, macOS, or Windows. This security hole is an equal-opportunity troublemaker.

Discovered by an anonymous researcher and reported directly to Google, CVE-2024-4671 has a Common Vulnerability Scoring System (CVSS) rating of 8.8, which means it's a serious vulnerability.

It could be worse -- ratings above 9.0 are critical, aka Fix It Right Now -- but this is bad enough. An attacker can use this flaw to read data from your computer, cause crashes, and even take over a PC. In short, it's bad news.

Also: 5 ways to declutter your Chrome browser

What really makes this one a stinker is that it's being exploited now. The advisory notes that Google is aware that an exploit for CVE-2024-4671 exists in the wild.

To ensure you're protected, verify that you have the latest version of Chrome by navigating to Settings > About Chrome. The up-to-date protected versions are 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux. Users in the Extended Stable channel will receive version 124.0.6367.201 for Mac and Windows in the coming days.

In addition to Chrome proper, this security hole is also present in Microsoft Edge, . It was fixed with the May 10th update. If you use Brave, Opera, Vivaldi, or any other Chromium or Chrome-based web browser, you need to update as soon as possible to be safe. For all practical purposes, the only web browser that doesn't have this problem is Firefox.

I wouldn't wait. To stay safe, update Chrome immediately.

Editorial standards