ADVISORY!

TLP : CLEAR

Date : 10/01/2024

REF NO : CERT / 2024/01/03

Google Chrome Security Restriction Bypass Vulnerability

Severity Level: High

Components Affected

  • Google Chrome prior to 120.0.6099.216 (Linux)
  • Google Chrome prior to 120.0.6099.216 (Mac)
  • Google Chrome prior to 120.0.6099.216/217 (Windows)

Overview

A vulnerability has been identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

Description

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page.

  • CVE-2024-0333

Impact

  • Security Restriction Bypass

Solution/ Workarounds

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 120.0.6099.216 (Linux) or later
  • Update to version 120.0.6099.216 (Mac) or later
  • Update to version 120.0.6099.216/217 (Windows) or later

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC