Google Chrome Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system.
Note:
For CVE-2023-4863, heap buffer overflow in WebP may lead to arbitrary code execution. Google is aware that an exploit for CVE-2023-4863 exists in the wild.
[Updated on 2023-09-13]
Updated System / Technologies affected, Solutions and Related Links.
[Updated on 2023-09-18]
Updated Impact, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Google Chrome prior to 117.0.5938.62 (Linux)
- Google Chrome prior to 117.0.5938.62 (Mac)
- Google Chrome prior to 117.0.5938.62/.63 (Windows)
- Google Chrome prior to 117.0.5938.60 (Android)
Solutions
Before installing the software, please visit the software vendor's website for more details.
Apply fixes issued by the vendor:
- Update to version 117.0.5938.62 (Linux) or later
- Update to version 117.0.5938.62 (Mac) or later
- Update to version 117.0.5938.62/.63 (Windows) or later
- Update to version 117.0.5938.60 (Android) or later
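A fleet check against the fixed builds listed above, added here as an example and not part of the original advisory. The inventory rows and host names are constructed, and treating 117.0.5938.62 as the Windows minimum (the advisory lists .62/.63) is an assumption.

```python
import re

# Fixed builds per platform, taken from the "Solutions" list of this advisory.
FIXED = {
    "linux": "117.0.5938.62",
    "mac": "117.0.5938.62",
    "windows": "117.0.5938.62",  # assumption: .62 is the minimum of the listed .62/.63
    "android": "117.0.5938.60",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints; reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"  # platform not covered by this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unreadable version: needs manual follow-up
    # Tuples compare numerically per component, so .9 sorts below .62
    # (a plain string comparison would get this wrong).
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def audit(inventory):
    """Annotate (host, platform, version) rows with their status."""
    return [(host, plat, ver, status(plat, ver)) for host, plat, ver in inventory]

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("ws-001", "windows", "117.0.5938.63"),
    ("ws-002", "windows", "116.0.5845.96"),
    ("dev-01", "linux", "117.0.5938.62"),
    ("mac-07", "mac", "117.0.5938.9"),
    ("tab-03", "android", "117.0.5938.60"),
    ("ws-003", "windows", "not reported"),
]

if __name__ == "__main__":
    for host, plat, ver, state in audit(INVENTORY):
        print(f"{host:8} {plat:8} {ver:16} {state}")
```

Rows reported as `unknown` should be treated as unverified rather than safe.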
Vulnerability Identifier
- CVE-2023-4863
- CVE-2023-4900
- CVE-2023-4901
- CVE-2023-4902
- CVE-2023-4903
- CVE-2023-4904
- CVE-2023-4905
- CVE-2023-4906
- CVE-2023-4907
- CVE-2023-4908
- CVE-2023-4909