Multiple Cisco Products Vulnerabilities

August 23, 2024

CVE-2024-21690 – Atlassian Confluence Data Center and Server Vulnerability

August 23, 2024

Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-7979 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in Installer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7977 CVSS:6.5

CVE-2024-8033 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebApp Installs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-8035 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Extensions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7978 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Data Transfer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7965 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7974 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in V8 API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7972 CVSS:6.5

CVE-2024-7980 CVSS:6.5

CVE-2024-7976 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in FedCM. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7975 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-7981 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Views. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-8034 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Custom Tabs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2024-7979
CVE-2024-7977
CVE-2024-8033
CVE-2024-8035
CVE-2024-7978
CVE-2024-7965
CVE-2024-7974
CVE-2024-7972
CVE-2024-7980
CVE-2024-7976
CVE-2024-7975
CVE-2024-7981
CVE-2024-8034

Affected Vendors

Google

Affected Products

Google Chrome 128.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website