ADVISORY!

TLP : CLEAR

Date : 03/04/2024

REF NO : CERT / 2024/04/25

Google Chrome Multiple Vulnerabilities

Severity Level: High

Components Affected

  • Google Chrome prior to 123.0.6312.105 (Linux)
  • Google Chrome prior to 123.0.6312.105/.106/.107 (Mac)
  • Google Chrome prior to 123.0.6312.105/.106/.107 (Windows)

Overview

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial-of-service condition, information disclosure, and remote code execution on the targeted system.

Description

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 

Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. 

Impact

  • Remote Code Execution
  • Denial of Service
  • Information Disclosure

Solution/Workarounds

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • Update to version 123.0.6312.105 (Linux) or later
  • Update to version 123.0.6312.105/.106/.107 (Mac) or later
  • Update to version 123.0.6312.105/.106/.107 (Windows) or later
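A check of installed versions against the fixed builds listed above, as an added example that is not part of the original advisory. The inventory rows and host names are constructed, and the code assumes the advisory's "prior to" wording means any build below 123.0.6312.105 is affected on all three platforms.

```python
import re

# Lowest fixed build per platform, from the advisory's "Components Affected" list.
# Mac and Windows also shipped .106/.107; anything below .105 is affected.
FIXED = {
    "linux": (123, 0, 6312, 105),
    "mac": (123, 0, 6312, 105),
    "windows": (123, 0, 6312, 105),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text such as
    'Google Chrome 123.0.6312.86'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'affected', 'fixed' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable rows need manual follow-up, not a pass
    # Tuple comparison is numeric per component, so 6312.99 sorts below 6312.105
    # (a plain string comparison would get this wrong).
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map each (host, platform, version_text) row to its status."""
    return {host: assess(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = [
    ("ws-01", "Windows", "123.0.6312.107"),
    ("ws-02", "Windows", "Google Chrome 123.0.6312.86"),
    ("mac-01", "Mac", "123.0.6312.99"),
    ("lin-01", "Linux", "Google Chrome 124.0.6367.60"),
    ("lin-02", "Linux", "version query failed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```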

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre
