Advisory ID: NCC-CSIRT-0603-013
Summary: Google Chrome has been found to have several vulnerabilities that an attacker may use to execute arbitrary code and access sensitive information on the targeted device.
Vulnerable Platform(s): Windows, Mac, and Linux Operating Systems
Threat Type:
- Vulnerability
Product: Google Chrome Browser
Version:
- Google Chrome Browser versions prior to 110.0.5481.178 for Windows.
- Google Chrome Browser versions prior to 110.0.5481.177 for Mac and Linux.
Description: According to a finding by the Indian Computer Emergency Response Team, the vulnerabilities affecting Google Chrome include use after free in Web Payments API, SwiftShader, Vulkan, WebRTC, Video, and Prompts; heap buffer overflow in Video; and integer overflow in PDF. A remote attacker may be able to exploit these vulnerabilities by tricking a victim into visiting a malicious website.
Consequences: Attackers may have access to the sensitive information of the compromised systems.
Impact/Probability: HIGH/HIGH
Solution:
Users should apply the necessary updates provided on the vendor's website.
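To confirm the update has reached every machine, the fixed versions listed above can be checked against a software inventory. The following is an added example, not part of the original advisory: the inventory rows, hostnames and function names are constructed for illustration, and the version strings are assumed to contain a four-part Chrome version number.

```python
import re

# Fixed versions as stated in this advisory, keyed by platform.
FIXED = {
    "windows": (110, 0, 5481, 178),
    "mac": (110, 0, 5481, 177),
    "linux": (110, 0, 5481, 177),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 110.0.5481.100'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(platform, version_text):
    """True if the version is older than the fixed build for the platform.
    Unknown platforms or unparseable versions return None so they are
    reviewed by hand rather than silently passed."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    return version < fixed  # numeric tuple comparison, not string comparison


def triage(inventory):
    """Split (host, platform, version_text) rows into three host lists."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, platform, version_text in inventory:
        verdict = is_vulnerable(platform, version_text)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 110.0.5481.177"),
    ("ws-02", "Windows", "110.0.5481.178"),
    ("mb-01", "Mac", "Google Chrome 110.0.5481.177"),
    ("lx-01", "Linux", "Google Chrome 109.0.5414.119"),
    ("lx-02", "Linux", "chrome: not found"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Note that build 110.0.5481.177 counts as patched on Mac and Linux but is still vulnerable on Windows, so the platform must be part of the check.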
References:
https://cert-in.org.in/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0941