[CDP-development] TLP:GREEN - (Zero-day Alert Notification) - CVE-2024-4671: A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution -Use after free in Visuals
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Fri May 10 09:17:41 PDT 2024
Good morning,
The SOC Services team is reporting on the vulnerability: CVE-2024-4671: A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution - Use after free in Visuals. Because of its high visibility and because we know the software is installed in the state environment, we are providing this in-depth information:
History: On May 9, 2024, Google released a security advisory warning about a Google Chrome use-after-free in Visuals zero-day (CVE-2023-6345).
The following version of Chrome addresses CVE-2024-4671; Google states updates "will roll out over the coming days/weeks". However, updates are available for deployment by administrators as well as manually by end users.
Fixed version:
* Chrome version 124.0.6367.201/.202 (Windows, Mac, and Linux)
Intelligence: As of May 9, 2024, the vulnerability has been confirmed as being exploited in the wild. Details regarding the threat actors that have exploited this vulnerability are currently being withheld.
Workarounds: There are no workarounds at this time.
How it works: The details of the exploit are being withheld by the security researchers until the majority of users have applied the updates. The researchers have also stated they will retain restrictions if the bug exists in a third-party library that hasn't been fixed yet.
Post-Exploit: Upon successful exploitation of the vulnerability, a threat actor could execute arbitrary code in the context of the logged-on user.
As of May 9, 2024, the following vulnerability plugin has been released and is currently in Tenable Security Center:
Plugin | Title | Severity
195220 <https://www.tenable.com/plugins/nessus/195220> | Google Chrome < 124.0.6367.201 Vulnerability | Critical
Recommended Actions:
* Verify host has not been compromised before applying patches.
* Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
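To support the patch verification step, the following added example (not part of the original notification and not SOC Services tooling) triages a host inventory against the fixed build 124.0.6367.201 named above. The host names and version strings are constructed sample data, and the (host, version) row format is an assumption about how an inventory export might look.

```python
import re

# Fixed build from the advisory; the Tenable plugin title uses the same threshold.
FIXED = (124, 0, 6367, 201)
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part Chrome version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Compare numerically, component by component, never as strings."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # missing or malformed data needs manual follow-up
    return "patched" if version >= FIXED else "vulnerable"


def triage(rows):
    """rows: iterable of (host, version_text). Returns status -> sorted host list."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in rows:
        result[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-001", "124.0.6367.201"),
    ("ws-002", "124.0.6367.155"),
    ("ws-003", "124.0.6367.99"),   # a string comparison would rank this above .201
    ("ws-004", "125.0.6422.60"),
    ("ws-005", "123.0.6312.122"),
    ("ws-006", ""),                # inventory agent returned no version
    ("ws-007", "124.0.6367.202"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" should be treated as unverified rather than assumed patched.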
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."