Google Chrome Multiple RCE Vulnerabilities - 20240418002 (#650)

* SolarWinds Releases Patches for Access Rights Manager vulnerabilities - 20240219001 * Format markdown files * Format markdown files * Junos OS RCE Vulnerability - 20240226002 * Format markdown files * Windows Themes Spoofing Vulnerability - 20240308003 * Format markdown files * Windows Themes Spoofing Vulnerability - 20240308003 - edited * Akamai Kubernetes Vulnerability - 20240318002 * Format markdown files * CISA Releases Multiple Critical Infrastructure Related Advisories - 20240327001 * Format markdown files * PGAdmin Remote Code Execution Vulnerability - 20240408001 * Format markdown files * Update 20240408001-PGAdmin-Remote-Code-Execution-Vulnerability.md FIxing tables * Format markdown files * Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001 * Format markdown files * Palo Alto Networks PAN-OS Command Injection Vulnerability added to CISA Known Exploited Catalog - 20240415001 * Format markdown files * Update 20240415001-PaloAlto-Networks-PAN-OS-Command-Injection-Vulnerability-added-to-CISA-Known-Exploited-Catalog.md Added older versions updates and Zero day notes * Format markdown files * Google Chrome Multiple RCE Vulnerabilities - 20240418002 * Format markdown docs * Remove duplicate 20240415001-PaloAlto * Update 20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md Reviewed and Approved * Format markdown docs --------- Co-authored-by: GitHub Actions <[email protected]> Co-authored-by: Joshua Hitchen (DGov) <[email protected]> Co-authored-by: LSerki <[email protected]> Co-authored-by: DGovEnterprise <[email protected]>
wagov · Apr 18, 2024 · 16ad94b · 16ad94b
1 parent e1d549f
commit 16ad94b
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/docs/advisories/20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md b/docs/advisories/20240418002-Google-Chrome-Multiple-RCE-Vulnerabilities.md
@@ -0,0 +1,21 @@
+# Google Chrome Multiple RCE Vulnerabilities - 20240418002
+
+## Overview
+
+Multiple vulnerabilities have been discovered in Google Chrome, which could allow for remote code execution. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the logged on user.
+
+## What is vulnerable?
+
+| CVE                                                             | Severity     | CVSS | Product(s) Affected                                                                       |
+| --------------------------------------------------------------- | ------------ | ---- | ----------------------------------------------------------------------------------------- |
+| [CVE-2024-1673](https://nvd.nist.gov/vuln/detail/CVE-2024-1673) | **Critical** | 9.8  | **Chrome versions prior to 124.0.6367.60/.61 for Wins & Mac and 124.0.6367.60 for Linux** |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe  (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Chrome Releases](https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html)
+
+## Additional References
+
+- [Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution](https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-remote-code-execution_2024-040)