Google Chrome Multiple Vulnerabilities

Severity Level: Medium

Date: 03/09/2024

Ref: CERT / 2024/09/79

Components Affected

• Google Chrome prior to 128.0.6613.119 (Linux)
• Google Chrome prior to 128.0.6613.119/.120 (Mac)
• Google Chrome prior to 128.0.6613.119/.120 (Windows)

Overview

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, data manipulation, and remote code execution on the targeted system.

Description

In Google Chrome versions prior to 128.0.6613.119, two significant vulnerabilities were identified. The first is a "use after free" vulnerability in the WebAudio component, which could allow a remote attacker to exploit heap corruption by tricking users into visiting a maliciously crafted HTML page. This vulnerability stems from improper handling of memory after it has been freed, making the system susceptible to corruption.

The second vulnerability is an "out of bounds write" in the V8 JavaScript engine, which similarly allows a remote attacker to exploit heap corruption. Both vulnerabilities could be used to compromise the affected browser, enabling attackers to execute arbitrary code or cause crashes.

Impact

• Denial of Service
• Remote Code Execution
• Data Manipulation

Solution/Workarounds

Before installation of the software, please visit the software vendor website for more details.

Apply fixes issued by the vendor:

• Update to version 128.0.6613.119 (Linux) or later
• Update to version 128.0.6613.119/.120 (Mac) or later
• Update to version 128.0.6613.119/.120 (Windows) or later

Reference

• Google Chrome Security Updates

Disclaimer

The information provided herein is on an "as-is" basis, without warranty of any kind.