Can you allow arbitrary code execution – Patch Google Chrome now

June 1, 2023

4 Mins Read

The CIS Advisory reported that Google Chrome has several security issues. These severe vulnerabilities could allow hackers to run code on a person’s computer. If a hacker can exploit these vulnerabilities successfully, they could take control of the computer and install programs, access or delete files, or create new user accounts with complete control. People who use

Hello @Rajeev_GoI, You Were Not Bothered About #Pegasus Spyware But Bothered About The Vulnerabilities Exist In Google Chrome Due To Type Confusion In V8, Data Transfer And Devools; pic.twitter.com/7G8SWTBT6e
— aSlam (@Aslam_khader) February 15, 2023

Chrome with fewer privileges or permissions on their computers may be less affected than those with administrative access.

Technical details

The never exploited vulnerabilities with the greatest threat are:

Tactic: Initial Access (TA0001):
Technique: Drive-By Compromise (T1189):

Out of Bounds Write in Swiftshader (CVE-2023-2929)
Use after free in Extensions (CVE-2023-2930)
Use after free in PDF (CVE-2023-2931, CVE-2023-2932, CVE-2023-2933)
Out-of-bounds memory access in Mojo (CVE-2023-2934)
Type Confusion in V8 (CVE-2023-2935, CVE-2023-2936)
Inappropriate implementation in Picture In Picture (CVE-2023-2937, CVE-2023-2938)
Insufficient data validation in Installer (CVE-2023-2939)
Inappropriate implementation in Downloads (CVE-2023-2940)
Inappropriate implementation in Extensions API (CVE-2023-2941)

Source: NIST

What arbitrary code executions could do?

If a hacker gets you through this arbitrary code execution, he can:

Get unauthorized access
Install malware
Control your system
Exploit other vulnerabilities
Initiate network attacks

Who’s most affected?

Government:

Large and medium government entities: HIGH

Small entities: MEDIUM

Businesses:

Large and medium business entities: HIGH

Small business entities: MEDIUM

Home Users: LOW

Emergency update to fix a zero-day vulnerability

Steps you must take to be safe

Apply the appropriate updates provided by Google to vulnerable systems promptly after conducting necessary testing. (M1051: Update Software)

Ensure establishing and maintaining a documented vulnerability management process for enterprise assets, reviewing and updating the documentation annually or when significant enterprise changes may impact this safeguard. (Safeguard 7.1: Establish and Maintain a Vulnerability Management Process)

Risk analysis keeps you a step ahead of potential danger. Learn how an effective vulnerability management process can mitigate risk and protect your organization: https://t.co/o69awBQeT1 #RiskManagement #Vulnerability pic.twitter.com/ydEOghqyFD
— Microsoft Security (@msftsecurity) September 28, 2022

Perform automated application patch management monthly or more frequently, applying application updates to enterprise assets through automated patch management. (Safeguard 7.4: Perform Automated Application Patch Management)

Remediate identified vulnerabilities in software through processes and tools monthly or more frequently, based on the remediation process. (Safeguard 7.7: Remediate Detected Vulnerabilities)

Ensure the use of only fully supported browsers and email clients in the enterprise, allowing only the latest versions provided by the vendor. (Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients)

Implement the principle of least privilege for all systems and services. Run all software with non-privileged user accounts (without administrative privileges) to minimize the impact of a successful attack. (M1026: Privileged Account Management)

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Examples include disabling default accounts or rendering them unusable. (Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software)

Restrict administrator privileges to dedicated administrator accounts on enterprise assets. From the user’s primary non-privileged account, carry out general computing activities, such as internet browsing, email, and productivity suite use. (Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts)

Source: CyberArk

Restrict the execution of code to a virtual environment when on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)

Utilize capabilities to detect and block conditions indicating or leading to a software exploit. (M1050: Exploit Protection)

Enable anti-exploitation features, where available, on enterprise assets and software, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™. (Safeguard 10.5: Enable Anti-Exploitation Features)

Implement restrictions on certain websites, block downloads/attachments, disable JavaScript, and restrict browser extensions, among other measures. (M1021: Restrict Web-Based Content)

Source: Google

Utilize DNS filtering services on all enterprise assets to block access to known malicious domains. (Safeguard 9.2: Use DNS Filtering Services)

Maintain and enforce network-based URL filters to prevent enterprise assets from connecting to potentially malicious or unauthorized websites. This can be achieved through category-based filtering, reputation-based filtering, or the use of block lists. Apply these filters to all enterprise assets. (Safeguard 9.3: Maintain and Enforce Network-Based URL Filters)

Source: Research Gate

Block unnecessary file types attempting to enter the enterprise’s email gateway. (Safeguard 9.6: Block Unnecessary File Types)

What did we learn?

Educating and informing users about the risks associated with hypertext links in emails or attachments, especially from untrusted sources, is very important. Reminding them to avoid visiting untrusted websites or clicking on links provided by unknown or untrusted sources is also essential.

Organizations must establish and maintain a security awareness program to educate the workforce on secure interactions with enterprise assets and data. Conduct training at the time of hiring and at least once a year. Review and update the program’s content annually or when significant enterprise changes occur.

Be safe!

PureVPN

June 1, 2023

11 months ago

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 6000+ servers in 65+ countries, It helps consumers and businesses in keeping their online identity secured.

Have Your Say!!

Cookie	Duration	Description
__stripe_mid	1 year	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid	30 minutes	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
Affiliate ID	3 months	Affiliate ID cookie
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
Data 1	3 months
Data 2	3 months	Data 2
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
woocommerce_cart_hash	session	This cookie is set by WooCommerce. The cookie helps WooCommerce determine when cart contents/data changes.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__lc2_cid	2 years	This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted.
__lc2_cst	2 years	This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted.
__oauth_redirect_detector		This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
Affiliate ID	3 months	Affiliate ID cookie
Data 1	3 months
Data 2	3 months	Data 2
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_J2RWQBT0P2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_12584548_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-12584548-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
PAPVisitorId	1 year	This cookie is set by the Post Affiliate Pro.This cookie is used to store the visitor ID which helps in tracking the affiliate.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_dc_gtm_UA-12584548-1	1 minute	No description
_gfpc	session	No description available.
71cfb2288d832330cf35a9f9060f8d69	session	No description
cli_bypass	3 months	No description
CONSENT	16 years 6 months 13 days 18 hours	No description
gtm-session-start	2 hours	No description available.
isoCode	1 month	No description available.
L-k26wU	1 day	No description
L-KVHA4	1 day	No description
m	2 years	No description available.
newVisitorId	3 months	No description
owner_token	1 day	No description available.
PP-k26wU	1 hour	No description
PP-KVHA4	1 hour	No description
RL-k26wU	1 day	No description
RL-KVHA4	1 day	No description
wisepops	2 years	No description available.
wisepops_session	session	No description available.
wisepops_visits	2 years	No description available.
woocommerce_items_in_cart	session	No description available.
wp_woocommerce_session_1b44ba63fbc929b5c862fc58a81dbb22	2 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.