Request a Demo
Rewterz
Cobalt Strike Malware – Active IOCs
July 25, 2024
Rewterz
Tofsee Malware – Active IOCs
July 26, 2024

Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-7000 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in CSS. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6998 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in User Education. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6997 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Tabs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6996 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in Frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6994 CVSS:8.8

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Layout. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash

CVE-2024-6992 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6991 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Dawn. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6989 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Loader. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6988 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Downloads. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Gain Access
  • Code Execution
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2024-7000
  • CVE-2024-6998
  • CVE-2024-6997
  • CVE-2024-6996
  • CVE-2024-6994
  • CVE-2024-6992
  • CVE-2024-6991
  • CVE-2024-6989
  • CVE-2024-6988

Affected Vendors

Google

Affected Products

  • Google Chrome 127.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website