CERT-In Vulnerability Note
CIVN-2023-0343
Remote Code Execution Vulnerability in Google Chrome
Original Issue Date:November 15, 2023
Severity Rating: HIGH
Software Affected
- Google Chrome versions prior to 119.0.6045.123 for Linux and Mac
- Google Chrome versions prior to 119.0.6045.123/.124 for Windows
Overview
A vulnerability has been reported in Google Chrome which could be exploited by a remote attacker to execute arbitrary code, gain elevated privileges or cause denial of service condition on the targeted system.
Description
The vulnerability exists in Google Chrome due to use-after-free flaw in the Web Audio component. An attacker could exploit this vulnerability by persuading a victim to visit a specially crafted website.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code, gain elevated privileges or cause denial of service condition on the targeted system.
Solution
Apply appropriate updates as mentioned
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
References
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
CVE Name
CVE-2023-5996
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|