Severity
High
Analysis Summary
CVE-2024-0809 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0811 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0804 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in iOS Security UI. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0805 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0814 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Payments. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0810 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0806 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Passwords. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-0813 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Reading Mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-0808 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow in WebUI. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-0812 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Accessibility. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-0807 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebAudio. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-0809
- CVE-2024-0811
- CVE-2024-0804
- CVE-2024-0805
- CVE-2024-0814
- CVE-2024-0810
- CVE-2024-0806
- CVE-2024-0813
- CVE-2024-0808
- CVE-2024-0812
- CVE-2024-0807
Affected Vendors
Affected Products
- Google Chrome 121.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.