Cobalt Strike Malware – Active IOCs

July 25, 2024

Tofsee Malware – Active IOCs

July 26, 2024

Multiple Google Chrome Vulnerabilities

July 25, 2024

Severity

High

Analysis Summary

CVE-2024-7000 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in CSS. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6998 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in User Education. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6997 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Tabs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6996 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in Frames. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6994 CVSS:8.8

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Layout. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash

CVE-2024-6992 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6991 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Dawn. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6989 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Loader. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6988 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Downloads. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Gain Access
Code Execution
Buffer Overflow

Indicators of Compromise

CVE

CVE-2024-7000
CVE-2024-6998
CVE-2024-6997
CVE-2024-6996
CVE-2024-6994
CVE-2024-6992
CVE-2024-6991
CVE-2024-6989
CVE-2024-6988

Affected Vendors

Google

Affected Products

Google Chrome 127.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

CVE-2025-6554 – Google Chrome Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us