- 05/2023
- High
Google has released an updated Chrome version (109.0.5414.74/.75) for Windows, (109.0.5414.74) for Linux, and (109.0.5414.87) for Mac to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution (CVE-2023-0128):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Google Chrome Buffer Overflow (CVE-2023-0129):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
- CVE-2023-0128
- CVE-2023-0129
- CVE-2023-0130
- CVE-2023-0131
- CVE-2023-0132
- CVE-2023-0133
- CVE-2023-0134
- CVE-2023-0135
- CVE-2023-0136
- CVE-2023-0137
- CVE-2023-0138
- CVE-2023-0139
- CVE-2023-0140
- CVE-2023-0141
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.