1.0 Introduction
Google has released security updates to address multiple vulnerabilities in the Chrome browser. This security update addresses 7 security vulnerabilities, including the following critical and high severity issues.
2.0 Impact
Successful exploitation allows attackers to remotely execute malicious code on a victim's machine or compromise sensitive data.
- Critical (CVE-2024-2883): A use-after-free vulnerability in ANGLE.
- High (CVE-2024-2885): A use-after-free vulnerability in Dawn.
- High (CVE-2024-2886): A use-after-free vulnerability in WebCodecs.
- High (CVE-2024-2887): A type confusion vulnerability in WebAssembly.
3.0 Affected Products
The affected Chrome browsers are:
- Google Chrome for Windows, Mac, Linux, and Android.
4.0 Recommendations
Users are recommended to update to version 120.0.6099.129 for macOS and Linux and 120.0.6099.129/130 for Windows to mitigate potential threats. Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.
Users and system administrators are encouraged to review the Google Chrome security update and upgrade to the latest version.
Fixed versions:
- Stable Channel Update for Desktop
  - Chrome 123.0.6312.86/.87 for Windows and Mac.
  - Chrome 123.0.6312.86 for Linux.
- Extended Stable Channel Update for Desktop
  - Chrome 122.0.6261.148 for Windows and Mac.
- Chrome 123 (123.0.6312.80) for Android
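The following added example (not part of the original advisory and not Google's tooling) checks an inventory of installed Chrome versions against the fixed versions listed above. The host names, platform labels and inventory format are assumptions. Extended Stable (122.x) builds are compared against their own fixed build, because a plain comparison with 123.0.6312.86 would report a patched Extended Stable host as vulnerable.

```python
# Added example: audit installed Chrome versions against the advisory's fixed builds.
# FIXED maps platform -> {major version: minimum fixed build}, taken from the list above.
FIXED = {
    "windows": {123: (123, 0, 6312, 86), 122: (122, 0, 6261, 148)},
    "mac":     {123: (123, 0, 6312, 86), 122: (122, 0, 6261, 148)},
    "linux":   {123: (123, 0, 6312, 86)},   # no Extended Stable build listed for Linux
    "android": {123: (123, 0, 6312, 80)},
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform, version):
    """True if the version is at or above the fixed build for its own release line."""
    fixed = FIXED[platform.lower()]          # KeyError for a platform not in the advisory
    v = parse_version(version)
    if v[0] in fixed:                        # same major as a listed fixed build
        return v >= fixed[v[0]]
    return v[0] > max(fixed)                 # newer major: fixed; older major: not fixed

def audit(inventory):
    """Return (host, status) for every host that is vulnerable or cannot be assessed."""
    findings = []
    for host, platform, version in inventory:
        try:
            if not is_patched(platform, version):
                findings.append((host, "vulnerable"))
        except (KeyError, ValueError):
            findings.append((host, "unknown"))   # review by hand, do not assume patched
    return findings

# Constructed sample inventory (hypothetical hosts), e.g. exported from an asset database.
SAMPLE = [
    ("ws-01", "windows", "123.0.6312.87"),
    ("ws-02", "windows", "122.0.6261.148"),   # Extended Stable, patched
    ("ws-03", "windows", "122.0.6261.129"),   # Extended Stable, below fixed build
    ("lx-01", "linux", "122.0.6261.148"),     # 122.x is not a fixed line on Linux
    ("mb-01", "android", "123.0.6312.80"),
    ("mac-01", "mac", "123.0.6312.58"),
    ("ws-04", "windows", "unknown"),          # unparseable version string
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```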
Generally, CyberSecurity Malaysia advises users to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24×7 call incident reporting)
Business Hours: Mon – Fri 08:30 – 17:30 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://chromereleases.googleblog.com/2024/03/chrome-for-android-update_26.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2883
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2885
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2887