| VID |
28954 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 125.0.6422.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_15 advisory.
- Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) (CVE-2024-4947)
- Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-4948)
- Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-4949)
- Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-4950)
* References:
https://crbug.com/40065403
https://crbug.com/340221135
https://crbug.com/333414294
https://crbug.com/326607001
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
* Platforms Affected:
Google Chrome versions prior to 125.0.6422.60
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Google Chrome (125.0.6422.60 or later), available from the Google Web site at http://www.google.com/chrome/ |
| Related URL |
CVE-2024-4947,CVE-2024-4948,CVE-2024-4949,CVE-2024-4950 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
