Summary
Google has released an update for the Chrome browser to fix 37 security vulnerabilities, including 6 with a severity of “high.”
Notes (updated 08/27/2024): The vendor states that CVE-2024-7971 is being actively exploited in the wild.
Notes (updated 08/27/2024): The vendor states that CVE-2024-7965 is being actively exploited in the wild.
Notes (updated 09/23/2024): A Proof of Concept (PoC) for the exploitation of CVE-2024-7965 is available online.
Risk
Estimate of the vulnerability’s impact on the reference community: SEVERE/RED (77.94/100)[1].
Type
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
Affected Products and Versions
Google Chrome
- versions prior to 128.0.6613.84/.85 for Windows and Mac
- versions prior to 128.0.6613.84 for Linux
Mitigation Actions
In line with Google’s statements, it is recommended to update the product for Windows, Mac and Linux to the latest available version.
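To confirm the update has reached every endpoint, the following added example (not part of the original advisory) classifies an inventory of installed Chrome versions against the fixed builds listed above. The inventory format, host names and function names are assumptions made for illustration; versions are compared as integer tuples because string comparison would rank 128.0.6613.9 above 128.0.6613.84.

```python
import re

# First non-vulnerable build per platform, as stated in this advisory.
FIXED = {
    "windows": (128, 0, 6613, 84),
    "mac": (128, 0, 6613, 84),
    "linux": (128, 0, 6613, 84),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory (assumed format: host,platform,version output).
INVENTORY = """\
ws-001,windows,Google Chrome 127.0.6533.120
ws-002,windows,Google Chrome 128.0.6613.85
mb-003,mac,Google Chrome 128.0.6613.9
lx-004,linux,Google Chrome 128.0.6613.100
lx-005,linux,version not reported
"""


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # needs manual follow-up, never assume patched
    return "vulnerable" if version < fixed else "fixed"


def audit(inventory):
    """Map each host in the inventory text to its classification."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, platform, version_text = line.split(",", 2)
        results[host.strip()] = classify(platform, version_text)
    return results


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unpatched until their version is verified.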
Unique Vulnerability Identifiers
As indicated by the vendor, only indicators detected by external researchers with severity are reported
References
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.