Google Releases the First Critical Security Update of 2024 for Chrome Users

Google is addressing the first critical security issue in Chrome of the year with the release of important updates for desktop and mobile users.

An advisory published yesterday by the technology giant says Chrome has been updated to version 120.0.6099.234 for Mac, version 120.0.6099.224 for Linux, and version 120.0.6099.224/225 for Windows, “which will roll out over the coming days/weeks.”

The release includes four security fixes, all of “high” importance. One of them, tracked as CVE-2024-0519, is said to be actively exploited by threat actors.

“Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild,” reads the notice.

Exploiting the flaw, described as an “out of bounds memory access” issue in Chrome’s V8 JavaScript engine, could let a motivated attacker bypass protection mechanisms and improve their chances of chaining together various flaws to execute code on the target device. The vulnerability was reported to Google by an anonymous source on Jan. 11.

The mobile version of the popular web browser gets the same fixes in version 120.0.6099.230 on Android devices. Apple customers are not impacted by these newly discovered weaknesses, so they don’t have to do anything this time around.

If you use Chrome, it’s highly recommended that you deploy this fix sooner rather than later. Chromium-based browsers like Edge, Brave, Opera, and Vivaldi are also receiving the fix.

Zero-day security flaws – ones found to be exploited in the wild before the vendor catches wind of the weakness – present an important opportunity for bad actors in targeted attacks.

Last year, security flaws of a similar severity were used to infect high-profile targets with Predator spyware, proving the importance of updating Chrome – and indeed all your apps and devices – with the latest security fixes the moment they’re available.

Bitdefender strongly recommends that netizens always keep all their software updated with the latest security patches issued by the vendor, regardless of device or OS. For peace of mind, consider running a dedicated security solution at all times to fend off the wide range of threats making the rounds in today’s digital landscape.