New Chrome Zero-Day Vulnerability CVE-2024-4761: What You Need to Know and How to Stay Safe - Cyber and Fraud Centre

Overview

Google has released an emergency update to address a new zero-day vulnerability in its Chrome browser. This high-severity flaw, identified as CVE-2024-4761, is actively exploited in the wild and poses significant risks to users.

Understanding CVE-2024-4761

The CVE-2024-4761 vulnerability is an out-of-bounds write bug in Chrome’s V8 JavaScript and WebAssembly engine. Discovered and reported anonymously on May 9, 2024, this flaw allows malicious actors to corrupt data, induce crashes, or execute arbitrary code on compromised systems. Specifically, it enables a remote attacker to escape Chrome’s sandbox and perform unauthorised actions beyond the browser’s confines.

How the Exploit Works

An out-of-bounds write occurs when a program writes data outside the memory boundaries allocated to it. This can lead to various security issues, including data corruption and arbitrary code execution. In the case of CVE-2024-4761, an attacker could exploit the bug by creating a crafted HTML page. When a user visits this page, the exploit manipulates memory in a way that bypasses Chrome’s security protections, potentially allowing the attacker to gain control over the affected system.

Recent History of Chrome Vulnerabilities

The disclosure of CVE-2024-4761 follows closely on the heels of another critical vulnerability, CVE-2024-4671, a use-after-free flaw in Chrome’s Visuals component. Together, these vulnerabilities highlight an ongoing trend of zero-day exploits targeting Chrome. Since the beginning of 2024, Google has patched six zero-day vulnerabilities, underscoring the persistent threat landscape for web browsers.

Threats and Implications

Exploits like CVE-2024-4761 are particularly dangerous because they can lead to a wide range of malicious activities, including data theft, malware insertion, and unauthorised access to sensitive systems. The existence of exploit code in the wild increases the urgency for users to apply security patches promptly.

Prevention and Mitigation

To protect against CVE-2024-4761 and similar threats, users should:

Update Chrome Immediately: Ensure your Chrome browser is updated to version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux. Chrome typically updates automatically, but users can manually check for updates by navigating to “Settings” > “About Chrome.”
Apply Updates to Chromium-Based Browsers: Users of browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the latest security updates as soon as they become available.
Enable Automatic Updates: Ensure that your browser and operating system are set to update automatically to receive security patches without delay.
Implement Additional Security Measures: Consider using browser isolation techniques and sandboxing to further protect your systems from potential exploits.

What to Do If You’re a Victim

If you suspect your system has been compromised by this or any other vulnerability, take the following steps:

Disconnect from the Internet: Isolate the affected device to prevent further unauthorised access.
Run a Full System Scan: Use a reputable antivirus or anti-malware tool to scan your system and remove any malicious software.
Change Passwords: Update passwords for all accounts accessed from the compromised device, starting with email and financial accounts.

The discovery of CVE-2024-4761 underscores the importance of maintaining up-to-date software and being vigilant about security threats. By promptly applying updates and following best practices, users can mitigate the risks associated with these vulnerabilities and protect their data from potential exploitation.

Further information available at:

15.05.24

Threat Intelligence Alerts