Multiple vulnerabilities in Google Chrome have been discovered that could lead to arbitrary code execution. These vulnerabilities, such as Use after free in Picture In Picture (CVE-2024-4331) and Use after free in Dawn (CVE-2024-4368), could be exploited to execute arbitrary code within the context of the logged-on user. Depending on user privileges, attackers could install programs, access or modify data, or create new accounts with full user rights
The impact is higher for users with administrative privileges than those with limited rights. Recommendations advise immediate software updates, vulnerability management processes, automated patch management, and restricting administrator privileges. In order to prevent exploitation, it is crucial to use fully supported browsers, run software as non-privileged users, enable anti-exploitation features, restrict web-based content, use DNS filtering services, and block unnecessary file types. Implementing security awareness programs, training on social engineering attacks, and maintaining security protocols are also highlighted. ```https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2024-044