- 61/2023
- High
Google has released an updated Chrome version (111.0.5563.64/.65) for Windows and (111.0.5563.64) for Linux and Mac to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Swiftshader Code Execution (CVE-2023-1213):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Google Chrome WebRTC Code Execution (CVE-2023-1218):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.