Chrome Security Vulnerability Let Attackers Execute Malicious Code


Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute malicious code on users’ systems.

The update, version 127.0.6533.99/.100 for Windows and Mac, and 127.0.6533.99 for Linux, was announced on August 6, 2024, and is currently being rolled out to users worldwide.

EHA

The most severe of these vulnerabilities, CVE-2024-7532, is classified as critical and involves an out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine).

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

This flaw could allow attackers to execute arbitrary code or cause system crashes, posing a significant risk to users’ security and privacy.

In addition to the critical vulnerability, the update addresses five high-severity issues:

  1. CVE-2024-7532: Out-of-bounds memory access in ANGLE.
  2. CVE-2024-7533: A use-after-free vulnerability in the Sharing feature
  3. CVE-2024-7550: A type confusion flaw in the V8 JavaScript engine
  4. CVE-2024-7534: A heap buffer overflow in the Layout component
  5. CVE-2024-7535: An inappropriate implementation in V8
  6. CVE-2024-7536: A use-after-free vulnerability in WebAudio

Malicious actors could potentially exploit these vulnerabilities to gain unauthorized access to users’ systems, steal sensitive information, or execute arbitrary code.

Google has not disclosed specific details about the vulnerabilities to prevent further exploitation, as is common practice until a majority of users have updated their browsers.

The company has awarded substantial bug bounties to the security researchers who reported these flaws, with one researcher receiving $11,000 for identifying the Sharing vulnerability.

Users are strongly advised to update their Chrome browsers immediately to the latest version to protect themselves from potential attacks. To update Chrome:

  1. Open the Chrome browser
  2. Click on the three-dot menu in the top-right corner
  3. Go to Help > About Google Chrome
  4. Chrome will automatically check for updates and install them if available
  5. Restart the browser to complete the update process.

This incident serves as a reminder of the ongoing importance of keeping software up-to-date and the critical role that security researchers play in identifying and reporting vulnerabilities.

As cyber threats continue to evolve, prompt patching and vigilant security practices remain essential for maintaining online safety.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide



Source link