Advisory ID: NCC-CSIRT-030424-006
Summary:
Several vulnerabilities have been identified in Google Chrome that could be exploited by attackers to compromise systems and data. These vulnerabilities pose a serious risk to customers and organizations worldwide, ranging from further remote code execution to data and information disclosure.
Threat Type(s): Denial of Service (DoS), User Interface (UI) Spoofing, Remote Code Execution (RCE)
Impact/Vulnerability: HIGH/HIGH
Product(s): Google Chrome
Platform(s): Google Chrome for Windows, MacOS and Linux, Google Chrome for Android and iOS
Version(s): All Versions.
Description:
The vulnerabilities affect various components of Google Chrome including:
- Type Confusion Vulnerabilities: Type confusion vulnerabilities can cause memory corruption and even provide an opportunity for code execution in some Chrome operations.
- Usage-After-Free Vulnerabilities: These flaws in Chrome's memory management could be used to execute arbitrary code or result in a denial-of-service attack.
- Insecure Origin Policy Bypass: Attackers might be able to obtain sensitive data across sources if they manage to get around some of Chrome's security model's controls.
- UI Spoofing Attacks: Users may be tricked into engaging with malicious content by manipulating Chrome's user interface, which could result in undesired behaviours or the disclosure of confidential information.
Consequences:
The identified vulnerabilities in Google Chrome pose risks to users and organizations, potentially leading to:
- Execution of arbitrary code
- Access to sensitive information
- Denial of Service (DoS)
- UI manipulation to deceive users.
- Compromise of user privacy
Solution:
To mitigate the risks associated with these vulnerabilities, it is highly recommended that users take the following steps.
- Update Google Chrome: Ensure that Google Chrome is updated to the latest version available. Google frequently releases security patches and updates to address known vulnerabilities. Users can manually check for updates by navigating to Chrome's settings and selecting the "About Chrome" option.
- Proceed with Caution: Avoid clicking on suspicious links or downloading files from untrusted sources while browsing the web. Be cautious when connecting with content or websites you are not familiar with.
- Utilize Security Features: Turn on built-in security measures like Safe Browsing to guard against malware, phishing scams, and other dangerous websites.
- Report Security Issues: If you discover any suspicious activity or believe you have encountered a security vulnerability in Google Chrome, report it to Google immediately through their Vulnerability Reward Program or security reporting mechanisms.