CVE-2024-7977

Summary

CVE-2024-7977 is a vulnerability in the Installer of Google Chrome on Windows, affecting versions prior to 128.0.6613.84, which allows local attackers to escalate privileges via a malicious file due to insufficient data validation. The impact of this flaw is categorized as "Medium" by Chromium security standards, with high potential risks for confidentiality and integrity, scoring a base severity of 7.8 on the CVSS scale. To remediate this vulnerability, users are advised to update their Google Chrome installations to version 128.0.6613.84 or later. The exploit requires user interaction and has been rated with an exploitability score of 1.8, indicating that while it is feasible to exploit, certain conditions must be met for successful execution. Organizations using affected versions should prioritize updating their software to mitigate the risks associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.