OVERVIEW

This week, Google rolled out a security update for its Chrome browser, addressing six high-severity vulnerabilities that could cause browser crashes and other security issues. The vulnerabilities are as follows:

  • CVE-2024-6100  
    • This is a high-severity type confusion vulnerability in the V8 JavaScript engine, which can allow arbitrary code execution.
  • CVE-2024-6102  
    • This flaw involves out-of-bounds memory access in the Dawn graphics library, which could cause crashes or allow arbitrary code execution.
  • CVE-2024-6103 
    • This high-severity issue is a use-after-free vulnerability in Dawn, potentially allowing for arbitrary code execution or causing browser crashes. 
  • CVE-2024-6101 
    • This vulnerability is due to an inappropriate implementation in WebAssembly, potentially leading to unexpected behavior or crashes.

Google has not released any technical details regarding the vulnerabilities, and there are currently no reports of the vulnerabilities being exploited in the wild. However, it is highly recommended that users make sure their Chrome browsers are updated to 126.0.6478.114 for Linux and 126.0.6478.114/115 for Windows and macOS.

 

 

AVERTIUM'S RECOMMENDATIONS

  • To update Chrome, please see the following directions:  
    • Open Google Chrome. 
    • Click the three vertical dots in the top right corner. 
    • Select “Settings.” 
    • Scroll down and click “About Chrome.” 
    • Chrome will automatically check for updates and install any available. 
    • Restart the browser to apply the update. 
  • For more information, please see Google’s advisory 
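
To confirm the update across many machines rather than one browser at a time, the reported version strings can be compared against the fixed build. The following is an added example, not part of Avertium's or Google's advisory; the hostnames, the inventory format and the function names are assumptions, and the threshold is the 126.0.6478.114 build named above.

```python
import re

# Lowest fixed build named in the advisory (126.0.6478.114).
FIXED_BUILD = (126, 0, 6478, 114)

# Four-part version as printed in strings like "Google Chrome 126.0.6478.114".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never count an unparseable report as patched
    # Tuples compare numerically per field, so 126.0.6478.61 sorts below
    # 126.0.6478.114; a plain string comparison would get that wrong.
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Group hostnames by status; inventory maps host -> reported string."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, reported in inventory.items():
        result[classify(reported)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory: hostnames and reported versions are made up.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 126.0.6478.114",
    "ws-002": "Google Chrome 126.0.6478.61",
    "ws-003": "Google Chrome 126.0.6478.115",
    "ws-004": "Google Chrome 125.0.6422.141",
    "ws-005": "command not found",
    "ws-006": "Google Chrome 127.0.6533.72",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need a manual check, since a missing or unreadable version says nothing about patch status.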

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 




 

SUPPORTING DOCUMENTATION

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

Google Chrome Patches Six High-Severity Vulnerabilities (cybersecuritynews.com) 

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - SecurityWeek 

 
