UAE Cyber Security Council discloses Google Chrome security flaw

Home / Threat Intelligence bulletins / UAE Cyber Security Council discloses Google Chrome security flaw

Target Industry

Indiscriminate, opportunistic targeting.

Overview

The United Arab Emirates Cyber Security Council (CSC) disclosed details regarding a security vulnerability discovered within the Google Chrome browser. It has been assessed that the flaw, tracked as CVE-2023-5472,could allow threat actors to execute harmful code within the environment of target operating systems.

Impact

It has been assessed that successful exploitation of CVE-2023-5472 would likely allow a threat actor to escape the browser sandbox and execute malicious code within the target environment.

Vulnerability Detection

Google has released security updates regarding the affected product versions. As such, previous versions are vulnerable to potential exploitation.

Affected Products

Google Chrome versions prior to 118.0.59993.117.

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected product versions apply the following security updates as a matter of urgency to mitigate against potential exploitation:

  • Microsoft (Chrome versions 118.0.5993.117 and 118.0.5993.118)
  • macOS (Chrome version 118.0.5993.117)
  • Linux (Chrome version 118.0.5993.117).

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Google Chrome occupies a significant portion of the browser market share. The related browser versions are used extensively by organisations across the industry sector spectrum. Within this context, it has been assessed that cyber threat actors will almost certainly view organisations with operational protocols involving these products as prime targets as they seek to meet their pre-defined objectives.

Intelligence indicates that vulnerabilities related to Google Chrome products, for which patches exist, have previously been subjected to malicious cyber operations. It is therefore of critical importance to follow the recommended remediation and mitigation strategies to reduce the risk of exploitation.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic:

TA0002 – Execution

Further Information

Cyber Security Council Tweet

 

An Intelligence Terminology Yardstick to showing the likelihood of events