CERT-In Vulnerability Note
CIVN-2023-0280
Multiple Vulnerabilities in Google Chrome for Desktop
Original Issue Date: September 29, 2023
Severity Rating: HIGH
Software Affected
- Google Chrome for Desktop versions prior to 117.0.5938.132 (for Windows, Mac and Linux)
Overview
Multiple vulnerabilities have been reported in Google Chrome which could allow an attacker to execute arbitrary code, bypass security restrictions or cause a denial-of-service condition on the targeted system.
Description
These vulnerabilities exist in Google Chrome due to a heap buffer overflow in VP8 encoding in libvpx and use-after-free errors in Passwords and Extensions. A remote attacker could exploit these vulnerabilities by means of a specially crafted HTML page.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions or cause a denial-of-service condition on the targeted system.
Note: The vulnerability under CVE-2023-5217 is being exploited in the wild. Users are advised to patch the vulnerable devices immediately.
Solution
Apply appropriate updates as mentioned by the vendor:
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
References
Google Chrome
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
CVE Name
CVE-2023-5217
CVE-2023-5186
CVE-2023-5187
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India