Google patched CVE-2024-4671, the fifth zero-day vulnerability in Chrome this year. It’s a high-severity “use-after-free” flaw in the Visuals component. Citrix warned admins of the PuTTY SSH client bug. An exploit for CVE-2024-4671 is active, but details are scant. Use-after-free flaws occur when a program accesses memory after it has been freed, which can lead to data leakage, code execution, or crashes. Google fixed this in Chrome versions 124.0.6367.201/.202 for Mac/Windows and 124.0.6367.201 for Linux. Users can confirm they have the update in Settings > About Chrome. This marks the fifth zero-day fixed in 2024, including vulnerabilities from the March Pwn2Own contest:
CVE-2024-0519: High-severity out-of-bounds memory access in Chrome V8 JavaScript engine.
CVE-2024-2887: High-severity type confusion in WebAssembly.
CVE-2024-2886: Use-after-free in WebCodecs API.
CVE-2024-3159: High-severity out-of-bounds read in Chrome V8 JavaScript engine.