Multiple Vulnerabilities in Google Chrome (CERT-NCSOC-0221)

Languages: සිංහල. post_translations: pll_6606651be4350. Risk Level: High.

Components Affected

  • Google Chrome prior to 123.0.6312.86 (Linux)
  • Google Chrome prior to 123.0.6312.86/.87 (Mac)
  • Google Chrome prior to 123.0.6312.86/.87 (Windows)

Overview

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

Description

Google has fixed seven security vulnerabilities in the Chrome web browser, including two zero-days.Other vulnerabilities are tracked as follows.

  • CVE-2024-2883: Use after free weakness in ANGLE.
  • CVE-2024-2885: Use after free weakness in Dawn.
  • CVE-2024-2886: Use after free weakness in WebCodecs API.
  • CVE-2024-2887: Type Confusion in WebAssembly open standard.

Impact

  • Remote Code Execution
  • Denial of Service

Solution/ Workarounds

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor by updating to the latest version:

  • Update to version 123.0.6312.86 (Linux) or later
  • Update to version 123.0.6312.86/.87 (Mac) or later
  • Update to version 123.0.6312.86/.87 (Windows) or later

Reference

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.