CERT-In Vulnerability Note
CIVN-2024-0186
Multiple Vulnerabilities in Google ChromeOS
Original Issue Date:June 11, 2024
Severity Rating: HIGH
Software Affected
- LTS channel for Google ChromeOS versions prior to 120.0.6099.314 (Platform Version: 15662.111)
Overview
Multiple vulnerabilities have been reported in LTS channel for ChromeOS which could be exploited by a remote attacker to execute arbitrary code on the targeted system.
Description
These vulnerabilities exist in LTS channel for ChromeOS due to Out of bounds write in Streams API and Type Confusion in V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted Web page.
Successful exploitation of these vulnerabilities could allow remote attacker to execute arbitrary code on the targeted system.
Solution
Apply appropriate updates as mentioned in the advisory:
https://chromereleases.googleblog.com/2024/06/long-term-support-channel-update-for_10.html
Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2024/06/long-term-support-channel-update-for_10.html
References
Google Chrome
https://chromereleases.googleblog.com/2024/06/long-term-support-channel-update-for_10.html
CVE Name
CVE-2024-5499
CVE-2024-5274
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|