Multiple Vulnerabilities in Google Chrome OS

[CIVN-2024-0031] Multiple Vulnerabilities in Google Chrome OS

Indian – Computer Emergency Response Team (cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome OS LTS channel version prior to 114.0.5735.350 (Platform Version: 15437.90.0)

Overview

Multiple Vulnerabilities have been reported in Google Chrome OS which could be exploited by a remote attacker to execute arbitrary code, gain elevated privileges, bypass security restrictions or cause denial of service condition on the targeted system.

Description

These vulnerabilities exist in Google Chrome OS due to Use after free in Side Panel Search; Insufficient data validation in Extensions. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions or cause denial of service condition on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://chromereleases.googleblog.com/2024/02/long-term-support-channel-update-for.html

Vendor Information

Google Chrome

https://chromereleases.googleblog.com/2024/02/long-term-support-channel-update-for.html

References

Google Chrome

https://chromereleases.googleblog.com/2024/02/long-term-support-channel-update-for.html

CVE Name

CVE-2023-6509

CVE-2024-0333

CVE-2023-21162

CVE-2023-21163

CVE-2023-21164

CVE-2023-21166

CVE-2023-21215

CVE-2023-21216

CVE-2023-21217

CVE-2023-21218

CVE-2023-21228

CVE-2023-21402

– —

From.

CERT-In

[CIVN-2024-0031] Multiple Vulnerabilities in Google Chrome OS

Overview

Description

Solution

Related Posts

Debunking the Difference: Penetration Testing vs. Bug Bounty

PCI DSS 101: Compliance Simplified by Devolity

Widespread Errors That Expose Small Businesses to Cybersecurity Breaches