Google Chrome Remote Code Execution Vulnerability

Last Update Date: 18 Sep 2023

Release Date: 12 Sep 2023

RISK: Extremely High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system.

 

Note:

For CVE-2023-4863, a heap buffer overflow in WebP may lead to arbitrary code execution. Google is aware that an exploit for CVE-2023-4863 exists in the wild.

 

[Updated on 2023-09-13]

Updated System / Technologies affected, Solutions and Related Links.

 

[Updated on 2023-09-18]

Updated Impact, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Google Chrome prior to 117.0.5938.62 (Linux)
  • Google Chrome prior to 117.0.5938.62 (Mac)
  • Google Chrome prior to 117.0.5938.62/.63 (Windows)
  • Google Chrome prior to 117.0.5938.60 (Android)

Solutions

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • Update to version 117.0.5938.62 (Linux) or later
  • Update to version 117.0.5938.62 (Mac) or later
  • Update to version 117.0.5938.62/.63 (Windows) or later
  • Update to version 117.0.5938.60 (Android) or later
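
To check a fleet against the fixed builds listed above, the following added example (not part of the original advisory) compares four-part Chrome versions numerically per platform. The inventory rows are constructed sample data, and treating 117.0.5938.62 as the Windows floor for the ".62/.63" entry is an assumption.

```python
# Added example: audit constructed inventory rows against the advisory's fixed builds.
FIXED = {
    "linux": "117.0.5938.62",
    "mac": "117.0.5938.62",
    "windows": "117.0.5938.62",  # advisory lists .62/.63; .62 used as the floor (assumption)
    "android": "117.0.5938.60",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, installed):
    """True when the installed build is prior to the fixed build for that platform."""
    fixed = FIXED[platform.lower()]
    return parse_version(installed) < parse_version(fixed)

def audit(inventory):
    """Return (host, platform, version, status); status is 'affected', 'ok' or 'unknown'."""
    results = []
    for host, platform, version in inventory:
        try:
            status = "affected" if is_affected(platform, version) else "ok"
        except (KeyError, ValueError):
            status = "unknown"  # unlisted platform or unparsable version: review by hand
        results.append((host, platform, version, status))
    return results

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "116.0.5845.188"),
    ("ws-02", "Windows", "117.0.5938.63"),
    ("lx-01", "Linux", "117.0.5938.100"),  # a plain string comparison would wrongly flag this
    ("mb-01", "Mac", "117.0.5938.9"),      # a plain string comparison would wrongly pass this
    ("ph-01", "Android", "117.0.5938.60"),
    ("kiosk", "ChromeOS", "117.0.5938.62"),  # platform not listed in the advisory
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as "unknown" are platforms the advisory does not list or version strings that could not be parsed, and need manual review rather than being assumed safe.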

Vulnerability Identifier


Source


Related Link