Google Chrome Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system.
For CVE-2023-4863, heap buffer overflow in WebP may lead to arbitrary code execution. Google is aware that an exploit for CVE-2023-4863 exists in the wild.
[Updated on 2023-09-13]
Updated System / Technologies affected, Solutions and Related Links.
[Updated on 2023-09-18]
Updated Impact, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Google Chrome prior to 117.0.5938.62 (Linux)
- Google Chrome prior to 117.0.5938.62 (Mac)
- Google Chrome prior to 117.0.5938.62/.63 (Windows)
- Google Chrome prior to 117.0.5938.60 (Android)
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 117.0.5938.62 (Linux) or later
- Update to version 117.0.5938.62 (Mac) or later
- Update to version 117.0.5938.62/.63 (Windows) or later
- Update to version 117.0.5938.60 (Android) or later