Report Title: Google Chrome Securit Update
Severity:
High
Description: Google has released an updated Chrome version (112.0.5615.49/50) for Windows
and (112.0.5615.49) for Linux and Mac to fix multiple vulnerabilities.
Analysis: The addressed vulnerabilities could allow the remote attacker to gain access,
execute arbitrary code on the system, bypass security restrictions, or trigger a
buffer overflow by persuading the victim to visit a specially crafted webpage on
the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Heap Buffer Overflow in Visuals (CVE-2023-1810):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Google Chrome Out of Bounds Memory Access in DOM (CVE-2023-1811):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
Exploited:
• CVE-2023-1810
• CVE-2023-1811
• CVE-2023-1812
• CVE-2023-1813
• CVE-2023-1814
• CVE-2023-1815
• CVE-2023-1816
• CVE-2023-1817
• CVE-2023-1818
• CVE-2023-1819
• CVE-2023-1820
• CVE-2023-1821
• CVE-2023-1822
• CVE-2023-1823
Indicators of
Compromise
(IOCs):
N/A
Mitigations: The enterprise should deploy this patch as soon as the testing phase is completed.
Google Chrome Security Update
References: Google Chrome Security Update
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html?m=1
