ADVISORY!

TLP : CLEAR

Date : 21/12/2023

REF NO : CERT /2023/12/03 

Google Chrome Remote Code Execution Vulnerability

Severity Level: Extremely High Risk

Components Affected

Google Chrome prior to 120.0.6099.129 (Linux)
Google Chrome prior to 120.0.6099.129 (Mac)
Google Chrome prior to 120.0.6099.129/130 (Windows)

Overview

A vulnerability has been identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

Description

The bug – CVE-2023-7024 – was the eighth Chrome zero-day patched by Google this year. The flaw was described as a heap buffer overflow in WebRTC. Researchers Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) reported the flaw on December 19, just a day before the patch was made.

Impact

Remote Code Execution

Solution/ Workarounds

Before installing the update, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • Update to version 120.0.6099.129 (Linux) or later
  • Update to version 120.0.6099.129 (Mac) or later
  • Update to version 120.0.6099.129/130 (Windows) or later
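To confirm the fix is in place across a fleet, reported Chrome versions can be compared against the fixed build listed above. The following is an added example, not part of the original advisory or of any vendor tooling; the host names and version strings are constructed, and it assumes that any build below 120.0.6099.129 is unpatched on every platform (Windows .129 and .130 both count as fixed).

```python
import re

# Fixed build named in this advisory. Windows shipped as .129 or .130; this
# example assumes anything below .129 is unpatched on every platform.
FIXED = (120, 0, 6099, 129)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from text such as the output
    of `google-chrome --version`; return None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text):
    """True/False for a parsed version, None when the string is unparseable
    (treat None as 'needs manual review', not as patched)."""
    v = parse_version(text)
    if v is None:
        return None
    # Tuple comparison is numeric per component, so 120.0.6099.71 < .129
    # (a plain string comparison would get that wrong).
    return v >= FIXED


def triage(inventory):
    """Map host -> 'patched' | 'VULNERABLE' | 'unknown' for a dict of
    host -> reported version string."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(s)] for host, s in inventory.items()}


# Constructed sample inventory (hypothetical hosts and strings).
SAMPLE = {
    "linux-01": "Google Chrome 120.0.6099.109",
    "mac-07": "Google Chrome 120.0.6099.129",
    "win-12": "120.0.6099.130",
    "win-13": "Google Chrome 120.0.6099.71 (Official Build)",
    "kiosk-02": "Google Chrome 121.0.6167.85",
    "lab-09": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" should be checked by hand, since a missing or unparseable version string says nothing about patch status.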

Reference

https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC