Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-2941 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Extensions component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2940 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Downloads component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2939 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in the Installer component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2938 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Picture In Picture component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2936 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the V8 component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2935 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the V8 component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2934 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in the Mojo component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2933 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the PDF component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2932 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the PDF component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2931 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the PDF component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2929 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the Swiftshader component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-2937 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Picture In Picture component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2930 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the Extensions component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

Impact

Code Execution
Security Bypass

Indicators Of Compromise

CVE

CVE-2023-2941
CVE-2023-2940
CVE-2023-2939
CVE-2023-2938
CVE-2023-2936
CVE-2023-2935
CVE-2023-2934
CVE-2023-2933
CVE-2023-2932
CVE-2023-2931
CVE-2023-2929
CVE-2023-2937
CVE-2023-2930

Affected Vendors

Google

Affected Products

Google Chrome 114.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.

Google Chrome Releases Web site

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2024-32638 – Apache APISIX Vulnerability

Multiple SAP Products Vulnerabilities

Multiple IBM Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2024-32638 – Apache APISIX Vulnerability

Multiple SAP Products Vulnerabilities

Multiple IBM Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Threat Actors Weaponizing .ZIP Domains To Trick Victims

Rewterz Threat Advisory – ICS: Advantech WebAccess/SCADA Vulnerability