SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

August 7, 2024

GuLoader Malspam Campaign – Active IOCs

August 8, 2024

Multiple Google Chrome Vulnerabilities

August 7, 2024

Severity

High

Analysis Summary

CVE-2024-7532 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in ANGLE. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-7550 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-7533 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Sharing. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-7536 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebAudio. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-7534 CVSS:8.8

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Layout. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2024-7535 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

Security Bypass
Buffer Overflow
Code Execution

Indicators of Compromise

CVE

CVE-2024-7532
CVE-2024-7550
CVE-2024-7533
CVE-2024-7536
CVE-2024-7534
CVE-2024-7535

Affected Vendors

Google

Affected Products

Google Chrome 127.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us