Get in Touch
Indiscriminate, opportunistic targeting.
The United Arab Emirates Cyber Security Council (CSC) disclosed details regarding a security vulnerability discovered within the Google Chrome browser. It has been assessed that the flaw, tracked as CVE-2023-5472,could allow threat actors to execute harmful code within the environment of target operating systems.
It has been assessed that successful exploitation of CVE-2023-5472 would likely allow a threat actor to escape the browser sandbox and execute malicious code within the target environment.
Google has released security updates regarding the affected product versions. As such, previous versions are vulnerable to potential exploitation.
Google Chrome versions prior to 118.0.59993.117.
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected product versions apply the following security updates as a matter of urgency to mitigate against potential exploitation:
- Microsoft (Chrome versions 118.0.5993.117 and 118.0.5993.118)
- macOS (Chrome version 118.0.5993.117)
- Linux (Chrome version 118.0.5993.117).
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Google Chrome occupies a significant portion of the browser market share. The related browser versions are used extensively by organisations across the industry sector spectrum. Within this context, it has been assessed that cyber threat actors will almost certainly view organisations with operational protocols involving these products as prime targets as they seek to meet their pre-defined objectives.
Intelligence indicates that vulnerabilities related to Google Chrome products, for which patches exist, have previously been subjected to malicious cyber operations. It is therefore of critical importance to follow the recommended remediation and mitigation strategies to reduce the risk of exploitation.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution