CVE-2024-3172
📋 TL;DR
This vulnerability in Google Chrome DevTools allows remote attackers to execute arbitrary code by tricking users into performing specific UI gestures on a malicious HTML page. It affects Chrome users on all platforms who haven't updated to the patched version. The attacker needs user interaction but can achieve full system compromise.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the victim's machine, allowing data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Attacker executes malicious code in the context of the Chrome process, potentially stealing sensitive browser data, session cookies, and credentials stored in the browser.
If Mitigated
No impact if Chrome is updated to the patched version or if users avoid interacting with untrusted web content.
🎯 Exploit Status
Exploitation requires user interaction (specific UI gestures) and a crafted HTML page. No public exploit code is available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 121.0.6167.85 and later
Vendor Advisory: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click the three-dot menu > Help > About Google Chrome. 3. Chrome will automatically check for updates and install version 121.0.6167.85 or later. 4. Click 'Relaunch' to restart Chrome with the fix applied.
🔧 Temporary Workarounds
Disable DevTools
allPrevents exploitation by disabling Chrome DevTools, though this impacts developer functionality.
Not applicable via command line. Use Chrome policies or manually avoid opening DevTools (F12).
Restrict Web Content
allLimit browsing to trusted websites only to reduce exposure to malicious pages.
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated.
- Implement network filtering to block access to untrusted websites and enforce strict browsing policies.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if below 121.0.6167.85, the system is vulnerable.Check Version:
On Windows/macOS/Linux: Open Chrome, go to chrome://version/ and check the 'Google Chrome' version number.Verify Fix Applied:
Confirm Chrome version is 121.0.6167.85 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Unusual Chrome crashes or process anomalies
- Suspicious DevTools activity in Chrome logs
Network Indicators:
- Requests to known malicious domains hosting crafted HTML pages
- Unusual outbound connections post-user interaction with web content
SIEM Query:
source="chrome" AND (event="crash" OR event="devtools_activity") AND version<"121.0.6167.85"