A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution, impacting systems running Chrome versions prior to 124.0.6367
207/.208 for Windows and Mac, and versions prior to 124.0.6367.207 for Linux. This vulnerability, identified by CVE-2024-4761, enables attackers to execute code within the context of the logged-on user, potentially allowing them to perform actions like installing programs, altering data, or creating new accounts with full rights. The risk level varies, with large and medium government entities facing a high risk, followed by small government entities and large and medium businesses at a medium risk level. Recommendations include applying updates promptly, establishing a vulnerability management process, automating patch management, managing default accounts and privileges, and enforcing security controls like application isolation, exploit protection, anti-exploitation features, and DNS filtering services. Users are advised to be cautious with email links, restrict web content, and maintain user training and security awareness programs to mitigate the impact of this vulnerability. https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2024-052