Skip to content

Commit

Permalink
Google Chrome Security Updates - 20240613001 (#803)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dinindu-Wick
Dinindu-Wick authored Jun 13, 2024
1 parent 501864e commit 48dde65
Showing 1 changed file with 46 additions and 0 deletions.
46 changes: 46 additions & 0 deletions docs/advisories/20240613001-Google-Chrome-Security-Updates.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Google Chrome Security Updates - 20240613001

## Overview

Google has released updates addressing multiple vulnerabilities discovered in Google Chrome. The most severe of which could allow for arbitrary code execution.

## What is vulnerable?

| CVE | Severity | CVSS | Product(s) Affected | Dated |
| ---- | ------------ | ---- | ------------------- | ----- |
| [CVE-2024-5830](https://nvd.nist.gov/vuln/detail/CVE-2024-5830) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5831](https://nvd.nist.gov/vuln/detail/CVE-2024-5831) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5832](https://nvd.nist.gov/vuln/detail/CVE-2024-5832) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5833](https://nvd.nist.gov/vuln/detail/CVE-2024-5833) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5834](https://nvd.nist.gov/vuln/detail/CVE-2024-5834) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5835](https://nvd.nist.gov/vuln/detail/CVE-2024-5835) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5836](https://nvd.nist.gov/vuln/detail/CVE-2024-5836) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5837](https://nvd.nist.gov/vuln/detail/CVE-2024-5837) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5838](https://nvd.nist.gov/vuln/detail/CVE-2024-5838) | **High** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5839](https://nvd.nist.gov/vuln/detail/CVE-2024-5839) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5840](https://nvd.nist.gov/vuln/detail/CVE-2024-5840) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5841](https://nvd.nist.gov/vuln/detail/CVE-2024-5841) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5842](https://nvd.nist.gov/vuln/detail/CVE-2024-5842) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5843](https://nvd.nist.gov/vuln/detail/CVE-2024-5843) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5844](https://nvd.nist.gov/vuln/detail/CVE-2024-5844) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5845](https://nvd.nist.gov/vuln/detail/CVE-2024-5845) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5846](https://nvd.nist.gov/vuln/detail/CVE-2024-5846) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |
| [CVE-2024-5847](https://nvd.nist.gov/vuln/detail/CVE-2024-5847) | **Medium** | N.A | Chrome <br>- **prior to 126.0.6478.56/57** for Windows and Mac<br/>- **prior to 126.0.6478.54** for Linux | 06/11/2024 |

## What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):

- Update Google Chrome to version:
- 126.0.6478.56/57 or later for Windows/Mac
- 126.0.6478.54 or later for Linux


## Additional References

- [Chrome Releases: Stable Channel Update for Desktop (googleblog.com)](https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html)
- [Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (cisecurity.org)](https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2024-072)

0 comments on commit 48dde65

Please sign in to comment.