Request a Demo
Rewterz
Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
February 9, 2023
Rewterz
Rewterz Threat Alert – Conti Ransomware – Active IOCs
February 9, 2023

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-0705 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in Core. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.

CVE-2023-0704 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-0703 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in DevTools. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.

CVE-2023-0702 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in Data Transfer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.

CVE-2023-0701 CVSS:8.8

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by WebUI. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2023-0700 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Download. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-0699 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in GPU. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.

CVE-2023-0698 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in WebRTC. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.

Impact

  • Code Execution
  • Security Bypass
  • Buffer Overflow
  • Unauthorized Access

Indicators Of Compromise

CVE

CVE-2023-0705
CVE-2023-0704
CVE-2023-0703
CVE-2023-0702
CVE-2023-0701
CVE-2023-0700
CVE-2023-0699
CVE-2023-0698

Affected Vendors

Google

Affected Products

  • Google Chrome 110.0

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.

Google Chrome Releases Web site