About the Vulnerability
Introduction
Google Chrome is a web browser developed by Google Inc., which is based on other open-source software, including WebKit. Its goal is to enhance stability, speed, and security, and to create a simple and efficient user interface.
Summary
On August 22, 2024, Sangfor FarSight Labs received notification that a Google Chrome component contains information about a code execution vulnerability(CVE-2024-7971) classified as high threat level.
There exists a high-risk vulnerability in Google Chrome; remote attackers could exploit it by tricking users into opening malicious links, thereby gaining access to sensitive information or executing code.
Affected Versions
Google Chrome(Windows/Mac) < 128.0.6613.84/.85
Google Chrome(Linux) < 128.0.6613.84
Solutions
Remediation Solutions
Check the System Version
Open the Chrome browser, and click on “Settings” — “About Chrome” to view the current version.
Official Solution
Affected users are advised to update the Google Chrome.
Download link:https://www.google.cn/intl/en_us/chrome/
Sangfor Solutions
Risky Assets Detection
Support is provided for proactive detection of Google Chrome; and it is capable of batch identifying the affected asset conditions of this event in business scenarios. Related products are as follows:
[Sangfor CWPP] has released an asset detection scheme, with Fingerprint ID: 0000398.
Timeline
On August 22, 2024, Sangfor FarSight Labs received notification of the Google Chrome V8 Type Confusion vulnerability.
On August 22, 2024, Sangfor FarSight Labs released a vulnerability alert.
References
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
