Multiple vulnerabilities in Google ChromeOS



Risk Critical
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2024-4671
CVE-2024-4331
CVE-2024-0409
CVE-2024-24806
CVE-2024-21626
CVE-2023-25584
CWE-ID CWE-416
CWE-399
CWE-918
CWE-254
CWE-125
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #5 is available.
Vulnerable software
Chrome OS
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU89324

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-4671

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Visuals component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3 External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Use-after-free

EUVDB-ID: #VU89079

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4331

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Picture In Picture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3
External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU85450

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0409

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of the curser code when used with SELinux. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3
External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU86707

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-24806

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3
External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security features bypass

EUVDB-ID: #VU85991

Risk: High

CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-21626

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3
External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

6) Out-of-bounds read

EUVDB-ID: #VU87121

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-25584

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the parse_module() function in bfd/vms-alpha.c. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Chrome OS: before 120.0.6099.310

CPE2.3
External links

http://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###