MS-ISAC NOTICE NUMBER:
2024-101
PUBLICATION DATE:
11/09/2024
OVERVIEW:
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow arbitrary code execution in the context of the logged-on user. Depending on the user's privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
THREAT INFORMATION:
There are currently no reports of these vulnerabilities being exploited in the wild.
AFFECTED SYSTEMS:
- Chrome prior to 128.0.6613.137/.138 for Windows and Mac
- Chrome prior to 128.0.6613.137 for Linux
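The version thresholds above are the whole basis for deciding which endpoints are still exposed, so the check deserves to be done carefully. The following script is an added example and is not part of the MS-ISAC advisory: it takes the fixed builds from the AFFECTED SYSTEMS list, compares installed versions numerically (a plain string comparison would rank 128.0.6613.99 above 128.0.6613.137 and mark a vulnerable build as patched), and reports every host as VULNERABLE, PATCHED or UNPARSEABLE so that endpoints with no reported version are surfaced rather than silently passed. The inventory rows are constructed sample data; collecting the installed version from real endpoints is left to your own tooling.

```python
"""Patch-status check against the Chrome versions listed in this advisory.

Added example, not part of the MS-ISAC advisory. The fixed builds come from the
advisory's AFFECTED SYSTEMS section; the inventory rows are constructed samples,
and how you collect installed versions from endpoints is left to your tooling.
"""
from typing import Dict, List, Tuple

# Lowest patched build per platform. Windows and Mac shipped as .137/.138;
# both are fixed, so .137 is the threshold on every platform listed.
FIXED_VERSIONS: Dict[str, str] = {
    "windows": "128.0.6613.137",
    "mac": "128.0.6613.137",
    "linux": "128.0.6613.137",
}

# Constructed sample inventory: (hostname, platform, installed Chrome version).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "windows", "128.0.6613.120"),
    ("ws-02", "windows", "128.0.6613.138"),
    ("mac-03", "mac", "128.0.6613.137"),
    ("lnx-04", "linux", "127.0.6533.119"),
    ("ws-05", "windows", "128.0.6613.99"),   # a string compare gets this one wrong
    ("ws-06", "windows", "unknown"),         # agent failed to report a version
]


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn a four-field Chrome version into a tuple that compares numerically.

    Comparing the raw strings is the classic mistake: "128.0.6613.99" sorts
    after "128.0.6613.137" lexically because '9' > '1', which would mark a
    vulnerable build as patched.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    major, minor, build, patch = (int(p) for p in parts)
    return (major, minor, build, patch)


def is_vulnerable(platform: str, installed: str) -> bool:
    """True when the installed build is older than the platform's fixed build."""
    key = platform.strip().lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"platform not covered by this advisory: {platform!r}")
    return parse_version(installed) < parse_version(FIXED_VERSIONS[key])


def triage_inventory(rows: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Label each row VULNERABLE, PATCHED or UNPARSEABLE; never silently skip a host."""
    results = []
    for host, platform, version in rows:
        try:
            status = "VULNERABLE" if is_vulnerable(platform, version) else "PATCHED"
        except ValueError:
            # A host we cannot assess is a finding in its own right, not a pass.
            status = "UNPARSEABLE"
        results.append((host, platform, version, status))
    return results


def vulnerable_hosts(rows: List[Tuple[str, str, str]]) -> List[str]:
    """Hostnames that still need the update, in inventory order."""
    return [host for host, _, _, status in triage_inventory(rows) if status == "VULNERABLE"]


if __name__ == "__main__":
    for host, platform, version, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:8} {platform:8} {version:16} {status}")
    print("needs update:", ", ".join(vulnerable_hosts(SAMPLE_INVENTORY)))
```

Feed `triage_inventory` the rows your inventory or EDR export produces and treat the UNPARSEABLE set as a follow-up queue: a host that cannot report its browser version cannot be assumed patched.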
RISK:
Government:
- Large and medium government entities
- Small government entities
Businesses:
- Large and medium business entities
- Small business entities
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow arbitrary code execution. The details of these vulnerabilities are as follows:
Tactic: Initial Access (TA0001):
Technique: Drive-by Compromise (T1189):
- Heap buffer overflow in Skia (CVE-2024-8636)
- Use after free in Media Router (CVE-2024-8637)
- Type confusion in V8 (CVE-2024-8638)
- Use after free in Autofill (CVE-2024-8639)
Successful exploitation of the most severe of these vulnerabilities could allow arbitrary code execution in the context of the logged-on user. Depending on the user's privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
RECOMMENDATIONS:
We recommend taking the following measures:
- Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and maintain a vulnerability management process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually or when significant changes in the business may impact this safeguard.
- Safeguard 7.4: Perform automated application patch management: Perform application updates on enterprise assets with automated patch management on a monthly or more frequent basis.
- Safeguard 7.7: Remediate detected vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 9.1: Make sure to use only fully supported browsers and email clients: Ensure that only fully supported browsers and email clients are allowed to run in the enterprise, using only the latest version of vendor-provided browsers and email clients.
- Apply the principle of least privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage default accounts on enterprise assets and software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict administrator privileges to dedicated administrator accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploit Features: Enable anti-exploitation features on enterprise assets and software where possible, such as Microsoft Data Execution Prevention (DEP), Windows Defender Exploit Guard (WDEG), or Apple System Integrity Protection (SIP) and Gatekeeper.
- Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. (M1021: Restrict Web Content)
- Safeguard 9.2: Use DNS filtering services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and apply network-based URL filters: Apply and update network-based URL filters to prevent an enterprise asset from connecting to potentially malicious or untrusted websites. Implementation examples include category-based filtering, reputation-based filtering, or using blocklists. Apply filters for all enterprise assets.
- Safeguard 9.6: Block unnecessary file types: Block unnecessary file types attempting to enter the enterprise's email gateway.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and maintain a security awareness program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise's workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this safeguard.
- Safeguard 14.2: Train staff to recognize social engineering attacks: Train staff to recognize social engineering attacks, such as phishing, pretexting, and tailgating.