1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-4671, is a Use-After-Free (UAF) flaw located in the Visuals component of Google Chrome. A Use-After-Free vulnerability occurs when a program tries to use memory that has already been freed, which can lead to unpredictable behavior, including crashes, corruption of data, or arbitrary code execution. This particular vulnerability allows a remote attacker, who has already compromised the renderer process, to potentially perform a sandbox escape via a specially crafted HTML page. This is critical because a sandbox escape bypasses one of Chrome's fundamental security mechanisms, allowing an attacker to break out of the isolated browser environment and gain access to the underlying operating system and its resources, potentially leading to full system compromise.
2. What are the CVSS score, severity level, and disclosure details?
The Common Vulnerability Scoring System (CVSS) score for CVE-2024-4671 is 9.6, which corresponds to a Critical severity level on the CVSS scale. The CVE entry was published on 2024-05-09 23:54:09 and was last modified on 2025-10-21 23:05:18. Google's own Chromium security severity rating is High rather than Critical; the two scales differ because the Chromium rating weighs the precondition that the attacker must already control a renderer process, whereas the CVSS score reflects the scope change (sandbox escape) and full confidentiality, integrity and availability impact once that precondition is met.
3. Which products, vendors, systems, and versions are affected?
The affected product is Google Chrome, developed by Google. Specifically, all versions of Google Chrome prior to 124.0.6367.201 are vulnerable.
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability is a Use-After-Free (UAF) error (CWE-416) within the Visuals component of Google Chrome. The attack vector is a crafted HTML page served to the victim, but the UAF is only useful to an attacker who has already gained code execution inside the browser's sandboxed renderer process. From that position, the attacker drives the Visuals component across the process boundary so that it operates on memory that has already been freed; controlling what occupies that freed memory is what turns the UAF into a sandbox escape rather than a simple crash.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker in a multi-stage attack. First, the attacker must compromise the Google Chrome renderer process, which requires a separate vulnerability (for example, a memory corruption flaw in the JavaScript engine or the rendering code). Second, using that foothold, the attacker triggers the Use-After-Free condition in the Visuals component from the crafted HTML page, escaping the renderer sandbox. Successful exploitation lets the attacker execute arbitrary code outside the browser's security sandbox, with the privileges of the user running Chrome, and from there attack the underlying operating system. Google stated when it released the fix that it was aware of an exploit for CVE-2024-4671 in the wild, so the threat is immediate rather than theoretical.
6. What mitigation steps and patches are available?
The primary mitigation step and patch available for this vulnerability is to update Google Chrome to a secure version. Users and administrators should ensure that Google Chrome is updated to version 124.0.6367.201 or later. Note that Chrome only applies a downloaded update after a relaunch, so a machine that shows "Relaunch to update" is still running the vulnerable build until the browser is restarted. In managed environments, confirm that the update has actually been applied on each endpoint rather than relying on the auto-update channel alone.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the installed version of Google Chrome. Any instance of Google Chrome running a version prior to 124.0.6367.201 is considered vulnerable to CVE-2024-4671. Users can check their Chrome version by navigating to "Help > About Google Chrome" in the browser's menu (which also triggers an update check) or by opening chrome://version. When comparing versions at scale, compare each of the four dot-separated build components numerically: a naive string comparison ranks "124.0.6367.9" above "124.0.6367.201" and would report a vulnerable build as patched.
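The following is an added example, not part of the original advisory, showing how an inventory script can classify Chrome builds against the 124.0.6367.201 threshold with a numeric, segment-by-segment comparison. The binary names searched on PATH and the sample version strings are assumptions constructed for the example; only the fixed version number comes from the advisory.

```python
"""Version check for CVE-2024-4671 (Use-After-Free in Visuals, Chrome < 124.0.6367.201).

Added example, not code from the advisory or from Google. It compares Chrome
build numbers numerically, segment by segment, because a plain string
comparison gets this wrong ("124.0.6367.9" > "124.0.6367.201" as strings).
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "124.0.6367.201"  # first fixed stable build per the advisory

# Matches a four-part Chrome version anywhere in a line such as
# "Google Chrome 124.0.6367.118" or "Chromium 124.0.6367.201".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chrome version from arbitrary text; None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` is strictly older than the first fixed build."""
    v = parse_version(version)
    f = parse_version(fixed)
    if v is None or f is None:
        raise ValueError(f"unparseable version: {version!r}")
    return v < f  # tuple comparison is numeric per segment


def assess(output: str) -> str:
    """Classify one `--version` output line as 'vulnerable', 'patched' or 'unknown'."""
    v = parse_version(output)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(".".join(map(str, v))) else "patched"


# Assumed binary names on Linux/macOS; `shutil.which` only finds those on PATH,
# so an installed-but-off-PATH Chrome is reported as 'unknown', not 'patched'.
CHROME_BINARIES = ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser")


def detect_installed(binaries=CHROME_BINARIES) -> str:
    """Run the first Chrome binary found on PATH with --version and classify it."""
    for name in binaries:
        path = shutil.which(name)
        if path is None:
            continue
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10).stdout
        except (OSError, subprocess.SubprocessError):
            continue
        return assess(out)
    return "unknown"


# Constructed sample outputs, as an inventory job might collect them (not real hosts).
SAMPLE_OUTPUTS = {
    "host-a": "Google Chrome 124.0.6367.118",   # older than the fix
    "host-b": "Google Chrome 124.0.6367.201",   # first fixed build
    "host-c": "Google Chrome 124.0.6367.9",     # a string compare would call this patched
    "host-d": "Chromium 125.0.6422.60",         # newer major version
    "host-e": "command not found",              # no Chrome found
}

if __name__ == "__main__":
    for host, out in SAMPLE_OUTPUTS.items():
        print(f"{host}: {assess(out)}")
    print(f"this machine: {detect_installed()}")
```

The `--version` flag works for the Linux and macOS binaries (on macOS the executable lives inside the application bundle rather than on PATH, so pass its full path); on Windows, read the product version from the chrome.exe file properties instead and feed that string to `assess`. Treat "unknown" as a finding to follow up, not as a pass.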
8. What are the indicators of compromise (IOCs)?
9. Which threat actors are known to exploit this vulnerability?
10. What public intelligence references and advisories exist?
The primary public intelligence reference for this vulnerability is its CVE identifier, CVE-2024-4671. Google announced the fix in its Chrome Releases blog post for the Stable Channel Update for Desktop of May 9, 2024, which lists the vulnerability with its Chromium security severity of "High" and notes that an exploit exists in the wild; that post and the corresponding release notes for Chrome 124.0.6367.201 are the official references.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-4671 is High, and the urgency level is Critical. This assessment is based on several factors:
- CVSS Score: A score of 9.6 out of 10 signifies critical severity.
- Impact: The vulnerability allows for a sandbox escape, which is a severe security bypass. This could lead to an attacker executing code outside the browser's security boundaries, potentially leading to full system compromise.
- Exploitability: The vulnerability is exploitable by a remote attacker with a crafted HTML page, assuming initial renderer compromise. Furthermore, Google reported at the time of the fix that an exploit existed in the wild, meaning the vulnerability was being used in real attacks and not merely demonstrated in a proof of concept.
Organizations and individual users should prioritize updating affected systems immediately to mitigate the significant risk posed by this vulnerability.