Facepalm: Google has released a new stable version of Chrome just a few days after updating the browser. The latest issue is designed to fix a highly dangerous security vulnerability that is already being exploited in the wild by unknown cybercriminals.
For the sixth time this year, Google has rushed a security update for Chrome, the world's most popular web browser. The new stable channel update is available for Windows (version 124.0.6367.207), Mac (version 124.0.6367.208), and Linux (version 124.0.6367.207). Users with automatic updates enabled should receive the new version over the coming days or weeks.
This latest Chrome version includes a single fix for a high-severity vulnerability tracked as CVE-2024-4761. Discovered by an unnamed researcher, the bug involves an out-of-bounds write problem in the browser's V8 JavaScript engine. V8 is responsible for translating and executing JavaScript code found on public web pages, contributing significantly to Chrome's performance and responsiveness.
As with any out-of-bounds issue, CVE-2024-4761 could potentially grant cybercriminals and black hat hackers unauthorized access to user data, the ability to execute arbitrary code, or cause the software to crash. Given that malicious actors are already exploiting this bug, it's classified as a zero-day issue.
Google acknowledges that an exploit for CVE-2024-4761 "exists in the wild." Details and links regarding the bug are currently restricted and will remain so until a majority of Chrome users have received an updated browser version. Information about the bug will also be restricted if the same issue exists in third-party libraries or other projects that depend on them.
Despite being the most widely used browser on both desktop and mobile platforms, Chrome hasn't consistently provided the most secure browsing experience lately. Since the beginning of 2024, Google has been required to fix six zero-day security vulnerabilities in various Chrome components.
In just five months, software engineers in Mountain View have addressed some significant flaws, including an out-of-bounds memory access issue that allowed hackers to execute malicious code remotely (CVE-2024-0519), a high-severity confusion flaw in the WebAssembly (Wasm) component (CVE-2024-2887), and more. Google advises Chrome users to always enable automatic updates and install new browser versions promptly, especially when dealing with zero-day bugs.