Chrome Zero Days - 20240328002¶
Overview¶
Chrome updates to address multiple vulnerabilities, including two proof of concept zero days CVE-2024-2886 and CVE-2024-2887, have been released.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected |
|---|---|---|---|
| CVE-2024-2886 | High | N/A | Chrome for Windows and Mac before 123.0.6312.86/.87 |
| CVE-2024-2887 | High | N/A | Chrome for Linux before 123.0.6312.86 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://securityaffairs.com/161151/security/google-chrome-zero-days-pwn2own-2024.html