23 Vulnerabilities in Google Chrome Browser That Allow Remote Code Execution Patched

Threat Summary

Google addressed 23 vulnerabilities in its Chrome browser on April 16, 2024, covering Windows, Mac, and Linux platforms. These vulnerabilities spanned various issues, from object corruption in V8 and WebAssembly to multiple use-after-free incidents in components like V8, Downloads, and QUIC.

The US Cybersecurity and Infrastructure Security Agency (CISA) pointed out that several of these flaws could enable remote code execution, with the impact on users depending on their system's privilege levels. Key vulnerabilities included object corruption in V8 (CVE-2024-3832), a WebAssembly flaw (CVE-2024-3833), and use-after-free weaknesses in QUIC (CVE-2024-3837) and Downloads (CVE-2024-3834).

Recommendations

CISA recommended that users update to versions 124.0.6367.60/.61 for Windows and Mac, and 124.0.6367.60 for Linux to mitigate these risks.

As of now, there have been no reports of these vulnerabilities being exploited in the wild.
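To act on the recommendation across a fleet, the following added example (not part of the original advisory) checks an inventory export against the fixed builds named above. The `host,platform,version` record format and the sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed builds from the advisory: 124.0.6367.60/.61 (Windows, Mac), 124.0.6367.60 (Linux).
# The lower build is treated as the minimum acceptable version on each platform.
FIXED = {
    "windows": (124, 0, 6367, 60),
    "mac": (124, 0, 6367, 60),
    "linux": (124, 0, 6367, 60),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-part Chrome version as a tuple of ints, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory_lines):
    """Classify each 'host,platform,version' record (assumed format) against FIXED."""
    findings = []
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            findings.append((line.strip(), "unknown", "malformed record"))
            continue
        host, platform, raw = fields
        version = parse_version(raw)
        fixed = FIXED.get(platform.lower())
        if fixed is None or version is None:
            findings.append((host, "unknown", "unrecognised platform or version"))
        elif version < fixed:  # numeric tuple compare; a string compare would rank "99" above "124"
            findings.append((host, "vulnerable", f"{raw} < {'.'.join(map(str, fixed))}"))
        else:
            findings.append((host, "patched", raw))
    return findings

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01,Windows,124.0.6367.61",
    "ws-02,Windows,123.0.6312.122",
    "mac-01,Mac,124.0.6367.60",
    "lnx-01,Linux,99.0.4844.84",
    "lnx-02,Linux,124.0.6367",
    "ws-03,Windows,125.0.6422.9",
]

if __name__ == "__main__":
    for host, status, detail in audit(SAMPLE):
        print(f"{host:8} {status:10} {detail}")
```

Records reported as `unknown` should be followed up manually rather than assumed patched.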

References

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-remote-code-execution_2024-040
