- 42/2024
- High
Google has released an updated Chrome version 121.0.6167.160/161 for Windows and 121.0.6167.160 for Mac and Linux.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code to gain access or cause a buffer overflow into the affected system by persuading the victim to visit a specially crafted website.
The addressed vulnerabilities:
1. Google Chrome Code Execution Vulnerability (CVE-2024-1284):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Buffer Overflow Vulnerability (CVE-2024-1283):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2024-1283
- CVE-2024-1284
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.