1.0 Introduction
Google recently released security updates to address multiple vulnerabilities in ChromeOS.
2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. The update targets use-after-free vulnerabilities and heap buffer overflow problems, enhancing the overall security posture of the operating system.
3.0 Affected Products
- CVE-2024-6989 (High): Use-after-free vulnerability in Loader.
- CVE-2024-8362 (High): Use-after-free vulnerability in WebAudio.
- CVE-2024-7967 (High): Heap buffer overflow found in Fonts.
- CVE-2024-8193 (High): Heap buffer overflow in Skia.
- CVE-2024-8198 (High): Heap buffer overflow in Skia.
- CVE-2024-7976 (Medium): Inappropriate implementation in FedCM.
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review Google Chrome’s releases for more information and apply the necessary updates. Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.
Users may refer to the following URL for more information about the update: https://chromereleases.googleblog.com/2024/09/long-term-support-channel-update-for_23.html
Generally, Cyber999 advises users of these devices to keep up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 - 17:30 MYT
Web: https://www.mycert.org.my
5.0 References