Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
February 9, 2023Rewterz Threat Alert – Conti Ransomware – Active IOCs
February 9, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
February 9, 2023Rewterz Threat Alert – Conti Ransomware – Active IOCs
February 9, 2023Severity
High
Analysis Summary
CVE-2023-0705 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in Core. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVE-2023-0704 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-0703 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in DevTools. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVE-2023-0702 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in Data Transfer. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVE-2023-0701 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by WebUI. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-0700 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Download. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-0699 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in GPU. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVE-2023-0698 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in WebRTC. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
Impact
- Code Execution
- Security Bypass
- Buffer Overflow
- Unauthorized Access
Indicators Of Compromise
CVE
CVE-2023-0705
CVE-2023-0704
CVE-2023-0703
CVE-2023-0702
CVE-2023-0701
CVE-2023-0700
CVE-2023-0699
CVE-2023-0698
Affected Vendors
Affected Products
- Google Chrome 110.0
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.