ADVISORY!
TLP : CLEAR
Date : 17/05/2024
REF NO : CERT / 2024/05/46
Google Chrome Remote Code Execution Vulnerability
Severity Level: High
Components Affected
- Google Chrome prior to 124.0.6367.207 (Linux)
- Google Chrome prior to 124.0.6367.207/.208 (Mac)
- Google Chrome prior to 124.0.6367.207/.208 (Windows)
Overview
A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution and denial of service on the targeted system.
Note:
Google is aware of reports that an exploit for CVE-2024-4761 exists in the wild. CVE-2024-4761 is an out-of-bounds write vulnerability impacting the V8 Javascript and WebAssembly engine leading to crash condition or arbitrary code execution on compromised hosts.
Description
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Impact
- Remote Code Execution
- Denial of Service
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 124.0.6367.207 (Linux) or later
- Update to version 124.0.6367.207/.208 (Mac) or later
- Update to version 124.0.6367.207/.208 (Windows) or later
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
