Google is fixing a new zero-day vulnerability for its Chrome browser, bringing the number of patches this year to five.

Google updated its Chrome browser on May 9 to patch a critical zero-day vulnerability, CVE-2024-4671, after an anonymous source alerted the company to the vulnerability. The vulnerability has a severity score of 8.8 out of 10. Google is expected to release versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in the coming days. This is the fifth patch for Google this year.

Use after free vulnerability

The new vulnerability, known as CVE-2024-4671, is a so-called “use-after-free” vulnerability. This is a class of errors that occur in C-based programming languages. This vulnerability is related to the improper use of dynamic memory during program execution. If the app or process fails to delete the pointer after freeing memory, the attacker can exploit this flaw to hack the program.

Fifth in a row

Google is currently not releasing many details about the exploit, which platforms were attacked and who was behind the exploit. The company has released a new patch for this vulnerability. With this patch, Google has already fixed five zero-days in Chrome this year.

Google will release versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in the coming days. Users who want to check if their Chrome browser is updated can check at Settings > About Chrome To check the version there, click the button Start anew click.