VID |
28956 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 128.0.6613.84. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_08_stable-channel-update-for-desktop_21 advisory.
- Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7965)
- Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7966)
- Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7967)
- Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7968)
- Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7971)
- Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-7972)
- Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) (CVE-2024-7973)
- Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-7974)
- Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-7975)
- Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-7976)
- Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) (CVE-2024-7977)
- Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-7978)
- Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) (CVE-2024-7979, CVE-2024-7980)
* References:
  https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
  https://crbug.com/358296941
  https://crbug.com/356196918
  https://crbug.com/355465305
  https://crbug.com/355731798
  https://crbug.com/349253666
  https://crbug.com/360700873
  https://crbug.com/345960102
  https://crbug.com/345518608
  https://crbug.com/339141099
  https://crbug.com/347588491
  https://crbug.com/339654392
  https://crbug.com/324770940
  https://crbug.com/40060358
  https://crbug.com/356064205
  https://crbug.com/356328460
  https://crbug.com/40067456
  https://crbug.com/350256139
  https://crbug.com/353858776
  https://crbug.com/40059470
* Platforms Affected: Google Chrome versions prior to 128.0.6613.84 Microsoft Windows Any ver |
Recommendation |
Upgrade to the latest version of Google Chrome (128.0.6613.84 or later), available from the Google Web site at http://www.google.com/chrome/ |
Related URL |
CVE-2024-7964,CVE-2024-7967,CVE-2024-7968,CVE-2024-7972,CVE-2024-7974,CVE-2024-7975,CVE-2024-7980,CVE-2024-7981,CVE-2024-8035 (CVE) |