Information for
Multiple Vulnerabilities in Google Chrome (CERT-NCSOC-0221)
Components Affected
- Google Chrome prior to 123.0.6312.86 (Linux)
- Google Chrome prior to 123.0.6312.86/.87 (Mac)
- Google Chrome prior to 123.0.6312.86/.87 (Windows)
Overview
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.
Description
Google has fixed seven security vulnerabilities in the Chrome web browser, including two zero-days.Other vulnerabilities are tracked as follows.
- CVE-2024-2883: Use after free weakness in ANGLE.
- CVE-2024-2885: Use after free weakness in Dawn.
- CVE-2024-2886: Use after free weakness in WebCodecs API.
- CVE-2024-2887: Type Confusion in WebAssembly open standard.
Impact
- Remote Code Execution
- Denial of Service
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor by updating to the latest version:
- Update to version 123.0.6312.86 (Linux) or later
- Update to version 123.0.6312.86/.87 (Mac) or later
- Update to version 123.0.6312.86/.87 (Windows) or later
Reference
https://www.hkcert.org/security-bulletin/google-chrome-multiple-
vulnerabilities_20240327
https://chromereleases.googleblog.com/
vulnerabilities_20240327
https://chromereleases.googleblog.com/
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.
Connect with us
-
The decision we make today on cyber security will determine the security of the society in which we live tomorrow.
Total Users : 204329
© Sri Lanka CERT|CC 2024. All rights Reserved.
Designed and Developed by Procons Infotech
Skip to content
Designed and Developed by Procons Infotech