Thursday September 19, 2024

Advisory ID: NCC-CSIRT-0603-013

Summary:  Google Chrome has been found to have several vulnerabilities that an attacker may use to execute arbitrary code and access sensitive information on the targeted device.

Vulnerable Platform(s): Windows, Mac, and Linux Operating Systems 

Threat Type:  

  • Vulnerability

Product: Google Chrome Browser

Version:   

  • Google Chrome Browser versions prior to 110.0.5481.178 for Windows.
  • Google Chrome Browser versions prior to 110.0.5481.177 for Mac and Linux.

Description: According to a finding by the Indian Computer Emergency Response Team, the vulnerabilities affecting Google Chrome include use after free in the Web Payments API, SwiftShader, Vulkan, WebRTC, Video, and Prompts; a heap buffer overflow in Video; and an integer overflow in PDF. A remote attacker may be able to exploit these vulnerabilities by tricking a victim into visiting a malicious website.

Consequences: Attackers may gain access to sensitive information on compromised systems.

Impact/Probability: HIGH/HIGH

Solution:

Users should apply the necessary updates provided on the vendor's website. 
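
To confirm which hosts still need the update, the fixed versions listed above can be checked against a software inventory. The following is an added example, not part of the original advisory; the inventory layout, host names, and function names are assumptions, and the sample records are constructed.

```python
import re

# Fixed versions from this advisory; builds below these are affected.
FIXED = {
    "windows": (110, 0, 5481, 178),
    "mac": (110, 0, 5481, 177),
    "linux": (110, 0, 5481, 177),
}

# Chrome versions have four dotted numeric parts, e.g. 110.0.5481.177.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'affected', 'patched' or 'unknown' for one host."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unreadable version: check by hand
    # Compare numerically: as strings, "110.0.5481.99" sorts after "110.0.5481.178".
    return "affected" if version < fixed else "patched"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, platform, version text)."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hypothetical hosts and reported version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 110.0.5481.177"),
    ("ws-02", "Windows", "Google Chrome 110.0.5481.178"),
    ("mb-01", "Mac", "Google Chrome 110.0.5481.177"),
    ("lx-01", "Linux", "Google Chrome 110.0.5481.99"),
    ("lx-02", "Linux", "Google Chrome 109.0.5414.119"),
    ("ws-03", "Windows", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The same build number (110.0.5481.177) is patched on Mac and Linux but still affected on Windows, so the platform must be recorded alongside the version.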

References: 

https://cert-in.org.in/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0941