Rewterz Threat Advisory – Multiple Google Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-0029 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Framework component. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-0031 CVSS:9.8

Google Android could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the System component. By executing a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-1283 CVSS:8.8

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Skia. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-1284 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Mojo. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Gain Access
• Code Execution
• Buffer Overflow
• Privilege Escalation

Indicators Of Compromise

CVE

• CVE-2024-0029
• CVE-2024-0031
• CVE-2024-1283
• CVE-2024-1284

Affected Vendors

Google

Affected Products

• Google Android 12
• Google Android 11
• Google Android 12L
• Google Android 13
• Google Android 14
• Google Chrome 121.0

Remediation

Refer to Google Website for patch, upgrade, or suggested workaround information.

CVE-2024-0029

CVE-2024-0031

CVE-2024-1283

CVE-2024-1284