Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
15 September 2024     Advisory

MA-1149.092024: MyCERT Advisory - Security Updates – Chrome OS

1.0 Introduction

Google recently released security updates to address vulnerabilities in the ChromeOS / ChromeOS Flex.


2.0 Impact

A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system, potentially exploit heap corruption and execute arbitrary code inside a sandbox via a crafted HTML page.


3.0 Affected Products

  • CVE-2024-7965 (High): Inappropriate implementation in V8.
  • CVE-2024-7966 (High): Out of bounds memory access in Skia.
  • CVE-2024-7967 (High): Heap buffer overflow in Fonts.
  • CVE-2024-7968 (High): Use after in Autofill.
  • CVE-2024-7971 (High): Type confusion in V8.
  • CVE-2024-7972 (Medium): Inappropriate implementation in V8.
  • CVE-2024-7974 (Medium): Insufficient data validation in V8 API.
  • CVE-2024-7975 (Medium): Inappropriate implementation in Permis2024-sions.
  • CVE-2024-7976 (Medium): Inappropriate implementation in FedCM.
  • CVE-2024-7981 (Low): Inappropriate Implementation in Views.


4.0 Recommendations

CyberSecurity Malaysia encourages users and administrators to review Google Chrome’s releases for more information and apply the necessary updates. Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.

Users may refer the following URL for more information about the update: https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-chromeos_9.html

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:


E-mail: cyber999[at]cybersecurity.my 

Phone: 1-300-88-2999 (monitored during business hours)  

Mobile: +60 19 2665850 (24x7 call incident reporting) 

Business Hours: Mon - Fri 08:30 -17:30 MYT 

Web: https://www.mycert.org.my 


5.0 References

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
  • https://www.mycert.org.my/portal/advisory?id=MA-1034.022024
  • https://thehackernews.com/2024/09/ransomhub-ransomware-group-targets-210.html
Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed