ADVISORY!
TLP : CLEAR
Date : 10/05/2024
REF NO : CERT / 2024/05/42
Google Chrome Remote Code Execution Vulnerability
Severity Level: High
Components Affected
- Google Chrome prior to 124.0.6367.201 (Linux)
- Google Chrome prior to 124.0.6367.201/.202 (Mac)
- Google Chrome prior to 124.0.6367.201/.202 (Windows)
Overview
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution and denial of service on the targeted system.
Description
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Impact
- Remote Code Execution
- Denial of Service
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 124.0.6367.201 (Linux) or later
- Update to version 124.0.6367.201/.202 (Mac) or later
- Update to version 124.0.6367.201/.202 (Windows) or later
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
