Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-0809 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0811 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0804 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in iOS Security UI. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0805 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0814 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Payments. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0810 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0806 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Passwords. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-0813 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Reading Mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-0808 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow in WebUI. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-0812 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Accessibility. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2024-0807 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebAudio. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Gain Access
• Code Execution
• Security Bypass

Indicators Of Compromise

CVE

• CVE-2024-0809
• CVE-2024-0811
• CVE-2024-0804
• CVE-2024-0805
• CVE-2024-0814
• CVE-2024-0810
• CVE-2024-0806
• CVE-2024-0813
• CVE-2024-0808
• CVE-2024-0812
• CVE-2024-0807

Affected Vendors

Google

Affected Products

• Google Chrome 121.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website