A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024. The zero-day is tracked as CVE-2024-4671 and it has been described by Google as a high-severity use-after-free bug in the Visuals component. No information is available on the attacks exploiting CVE-2024-4671, but Chrome vulnerabilities are often targeted by commercial spyware vendors.

Read more: https://www.securityweek.com/exploited-chrome-zero-day-patched-by-google/