Multiple Google Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-8904 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-22013 CVSS:7.8

Google Nest Wifi Pro could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the U-Boot component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

Code Execution
Privilege Escalation

Indicators of Compromise

CVE

CVE-2024-8904
CVE-2024-22013

Affected Vendors

Google

Affected Products

Google Chrome - 129.0
Google Nest Wifi Pro - 3.73.424613

Remediation

Upgrade to the latest version of Google, available from the Google Releases Website.

CVE-2024-8904

CVE-2024-22013

North Korean Threat Actors Use New MISTPEN Malware to Target Energy and Aerospace Sectors – Active IOCs

Multiple Mozilla Products Vulnerabilities

Multiple Google Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan