【Vulnerability Alert】 Security Vulnerability in Chromium-Based Browsers (CVE-2024-5274) - Immediate Action Required
publish date :
2024-06-05
update date :
2024-06-05
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024060410063030 | Publication Time | 2024/06/04 10:23 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/06/04 10:10 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】 Security Vulnerability in Chromium-Based Browsers (CVE-2024-5274) - Immediate Action Required |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202406-00000004 Researchers have identified a type confusion vulnerability (CVE-2024-5274) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, Brave, and Opera. Remote attackers can exploit this vulnerability to execute arbitrary code within the sandbox. This vulnerability has been exploited by hackers, so immediate verification and patching are required. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ●Google Chrome versions below 125.0.6422.112 ●Microsoft Edge (Based on Chromium) versions below 125.0.2535.67 ●Vivaldi versions below 6.7.3329.35 ●Brave versions below 1.66.115 ●Opera stable versions below 110.0.5130.39 |
|||
[Recommended Actions] 1.Please update Google Chrome to version 125.0.6422.112 or above: https://support.google.com/chrome/answer/95414?hl=zh-Hant 2.Please update Microsoft Edge to version 125.0.2535.67 or above: https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3.Please update Vivaldi to version 6.7.3329.35 or above: https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 4.Please update Brave to version 1.66.115 or above: https://community.brave.com/t/how-to-update-brave/384780 5.Please update Opera stable to version 110.0.5130.39 or above: https://help.opera.com/en/latest/crashes-and-issues/ |
|||
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-5274 2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3. https://support.google.com/chrome/answer/95414?hl=zh-Hant 4. https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 5. https://community.brave.com/t/how-to-update-brave/384780 6. https://help.opera.com/en/latest/crashes-and-issues/ 7. https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html 8. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5274 9. https://vivaldi.com/blog/desktop/minor-update-seven-6-7/ 10. https://community.brave.com/t/release-channel-1-66-115/550022 11. https://blogs.opera.com/desktop/2024/05/opera-110-0-5130-39-stable-update/ |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center