ADVISORY!
TLP : CLEAR
Date : 14/03/2024
REF NO : CERT / 2024/03/20
Google Chrome Remote Code Execution Vulnerability
Severity Level: High
Components Affected
- Google Chrome prior to 122.0.6261.128 (Linux)
- Google Chrome prior to 122.0.6261.128/.129 (Mac)
- Google Chrome prior to 122.0.6261.128/.129 (Windows)
Overview
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Description
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Impact
- Remote Code Execution
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 122.0.6261.128 (Linux) or later
- Update to version 122.0.6261.128/.129 (Mac) or later
- Update to version 122.0.6261.128/.129 (Windows) or later
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
