PT-2024-5220 · Google+3 · Google Chrome+3

Northsea

Published

2023-12-09

Updated

2024-11-29

CVE-2024-3173

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62

Description: The issue is related to insufficient data validation in the Updater component of Google Chrome, allowing a remote attacker to perform OS-level privilege escalation via a malicious file. This can lead to a remote attacker gaining elevated privileges on the affected system.

Recommendations: For versions prior to 120.0.6099.62, update to version 120.0.6099.62 or later to resolve the issue. As a temporary workaround, consider restricting access to the Updater component until a patch is applied.

Exploit

Fix

Insufficient Verification of Data Authenticity

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-20

Related Identifiers

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

BDU:2024-05782

CVE-2024-3173

DSA-5573-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Red Os

PT-2024-5220 · Google+3 · Google Chrome+3

CVE-2024-3173

Weakness Enumeration

Related Identifiers

Affected Products

References · 37