Use after free in Google Chrome Visuals component (CVE-2024-4671)

CVE-2024-4671 is a critical use-after-free vulnerability in the Visuals component of Google Chrome. This zero-day vulnerability, which surfaced very recently, can be triggered using a specially crafted HTML page. Attackers exploit the flaw to cause heap corruption, which could potentially permit execution of malicious code. The vulnerability impacts all users of Google Chrome versions prior to 124.0.6367.201 and has been identified in attacks on Chrome users worldwide.

CVE database technical details

CVE ID: CVE-2024-4671
Description: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Provider: Chrome
CWE / problem types: Use after free
Affected Software Versions: Google Chrome, affected in versions less than 124.0.6367.201 (version type: custom)
Date Published: 2024-05-09T23:54:09.853Z
Last Updated: 2025-02-13T17:53:37.579Z