Advisory ID: NCC-CSIRT-180723-027
Summary: Numerous vulnerabilities have been detected in the Google Chrome browser. These vulnerabilities could be exploited by a remote attacker who convinces a user to visit a specially crafted malicious web page.
Threat Type(s): Vulnerability
Impact/Probability: CRITICAL/HIGH
Product(s): Google Chrome Browser
Vulnerable Platform(s): Google Chrome Browser
Version(s):
- Google Chrome prior to 114.0.5735.198/199 (Windows)
- Google Chrome prior to 114.0.5735.198 (Linux)
- Google Chrome prior to 114.0.5735.198 (Mac)
Description: The vulnerabilities include the following:
- Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Successful exploitation of the vulnerabilities by hackers could allow for remote code execution, denial of service and data manipulation on the compromised system.
Consequences: Attackers could exploit these vulnerabilities to trigger remote code execution, denial of service and data manipulation on the compromised system.
Solution:
- Before installation of the Google Chrome software, please visit the software vendor website for more details.
- Update to version 114.0.5735.198/199 (Windows) or later.
- Update to version 114.0.5735.198 (Linux) or later.
- Update to version 114.0.5735.198 (Mac) or later.
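To confirm the updates above have reached every machine, the following added example (not part of the original advisory) checks an inventory of installed Chrome versions against the fixed builds listed here. The function names, the host,platform,version CSV layout and the sample rows are assumptions made for illustration, and the Windows threshold is taken as the lower of the two listed builds (.198).

```python
# Added example: flag Chrome installs older than the fixed builds in this advisory.
import csv
import io

# Fixed builds from the advisory. Windows shipped as .198/.199; the lower build
# is used as the threshold (assumption: either build carries the fixes).
FIXED = {
    "windows": (114, 0, 5735, 198),
    "linux": (114, 0, 5735, 198),
    "mac": (114, 0, 5735, 198),
}


def parse_version(text):
    """Parse a four-part Chrome version into a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess(platform, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so 114.0.5735.90 < 114.0.5735.198
    # (a plain string comparison would get this wrong).
    return "vulnerable" if version < fixed else "patched"


def audit(inventory_csv):
    """Yield (host, platform, version, status) for each row of a host,platform,version CSV."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        yield (row["host"], row["platform"], row["version"],
               assess(row["platform"], row["version"]))


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = """host,platform,version
ws-01,Windows,114.0.5735.199
ws-02,Windows,114.0.5735.134
lx-01,Linux,114.0.5735.90
mac-01,Mac,115.0.5790.98
kiosk-7,ChromeOS,114.0.5735.198
lx-02,Linux,114.0.5735
"""

if __name__ == "__main__":
    for host, platform, version, status in audit(SAMPLE):
        print(f"{host:8} {platform:9} {version:16} {status}")
```

Rows reported as unknown (a platform the advisory does not list, or a version string that is not four numeric parts) need manual review rather than being counted as patched.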
References:
https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities_20230627
https://chromereleases.googleblog.com/
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html