[CDP-development] TLP:GREEN (Zero-Day Alert Notification) MS-ISAC ADVISORY NUMBER: 2023-145: A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Thu Dec 21 11:16:38 PST 2023 

Good morning,

The SOC Services team is reporting on the vulnerability: CVE-2023-7024: A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On December 20, 2023, Google released a statement regarding CVE-2023-7024 stating that it has been patched. CVE-2023-7024 is an heap buffer overflow vulnerability in WebRTC within Chrome and is the eight exploited zero-day vulnerability for Chrome that Google has patched this year.

Patched versions:

  *   120.0.6099.129 Mac/Linux
  *   120.0.6099.129/130 Windows

The Chrome Release blog post related to the vulnerability can be found here: https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html

Intelligence: As of December 20, 2023, the vulnerability has been confirmed as being exploited in the wild.

Workarounds: There are no workarounds for this vulnerability.

How it works: Information regarding exploitation of the vulnerability has not been released. Google had this to say regarding the exploitation of the vulnerability "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.".

Post-Exploit: Upon successful exploitation of the vulnerability, a threat actor could execute arbitrary code in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

As of December 20, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:
Plugin
Title
Severity
187134<https://www.tenable.com/plugins/nessus/187134>
Google Chrome < 120.0.6099.129 Vulnerability
High
187133<https://www.tenable.com/plugins/nessus/187133>
Google Chrome < 120.0.6099.129 Vulnerability
High
187132<https://www.tenable.com/plugins/nessus/187132>
Google Chrome < 120.0.6099.130 Vulnerability
High

Recommended Actions:


  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.

[cid:image001.png at 01DA33F8.8A38DFA0]
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231221/f74fc57f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 21907 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231221/f74fc57f/attachment-0001.png>

More information about the CDP-development mailing list