Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-9966 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Navigations. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-9956 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Web Authentication. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-9958 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in PictureInPicture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2024-9966
CVE-2024-9956
CVE-2024-9958

Affected Vendors

Google

Affected Products

Google Chrome - 130.0
Google Chrome - 130.0.6723.58

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website

Attackers Increasingly Using Winos4.0 Post-Exploitation Kit – Active IOCs

Bitter APT Targeting Pakistan – Active IOCs

Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan