CVE-2024-6990
📋 TL;DR
This critical vulnerability in Google Chrome's Dawn component on Android allows remote attackers to potentially access memory outside intended bounds via specially crafted HTML pages. Attackers could exploit this to execute arbitrary code or cause crashes. Only Android users running Chrome versions before 127.0.6533.88 are affected.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent malware installation.
Likely Case
Browser crashes, denial of service, or limited information disclosure through memory access.
If Mitigated
Minimal impact if patched; isolated browser crashes if unpatched but with exploit mitigations.
🎯 Exploit Status
Exploitation requires the user to visit a malicious website but does not require authentication. Complexity is moderate because a working exploit depends on memory corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 127.0.6533.88
Vendor Advisory: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
Restart Required: Yes
Instructions:
1. Open Google Play Store
2. Search for Chrome
3. Update to version 127.0.6533.88 or later
4. Restart Chrome after update
🔧 Temporary Workarounds
Disable JavaScript
Prevents execution of malicious scripts but breaks most website functionality
chrome://settings/content/javascript → Block
Use alternative browser
Temporarily switch to an unaffected browser until Chrome is updated
🧯 If You Can't Patch
- Restrict browsing to trusted websites only
- Implement network filtering to block malicious HTML content
🔍 How to Verify
Check if Vulnerable:
Open Chrome → Settings → About Chrome → Check if version is below 127.0.6533.88
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 127.0.6533.88 or higher in About Chrome
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports
- Memory access violation logs
- Unusual process termination
Network Indicators:
- Requests to known malicious domains serving crafted HTML
- Unusual outbound connections after visiting suspicious sites
SIEM Query:
source="chrome_crash_reports" AND version<"127.0.6533.88" AND process="chrome"
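The version checks above (About Chrome and the SIEM query) only work if dotted versions are compared numerically, because a plain string comparison mis-orders them (for example, "99.x" sorts after "127.x"). The following is an added example, not part of the original advisory: it compares versions component by component against 127.0.6533.88, and the record field names and sample events are constructed for illustration.

```python
# Added example: numeric comparison of Chrome versions against the fixed
# build named on this page. Field names and records are assumptions.
FIXED = (127, 0, 6533, 88)

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vulnerable(version_text):
    """True if below the fixed build, False if at/above, None if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v < FIXED  # tuple comparison is numeric, component by component

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"device": "android-01", "process": "chrome", "version": "127.0.6533.88"},
    {"device": "android-02", "process": "chrome", "version": "127.0.6533.72"},
    {"device": "android-03", "process": "chrome", "version": "99.0.4844.73"},
    {"device": "android-04", "process": "chrome", "version": "128.0.6613.40"},
    {"device": "android-05", "process": "chrome", "version": "unknown"},
    {"device": "android-06", "process": "other", "version": "1.0.0.0"},
]

def triage(events):
    """Split chrome events into vulnerable devices and ones needing review."""
    vulnerable, review = [], []
    for e in events:
        if e.get("process") != "chrome":
            continue
        verdict = is_vulnerable(e.get("version") or "")
        if verdict is None:
            review.append(e["device"])   # version missing or malformed
        elif verdict:
            vulnerable.append(e["device"])
    return vulnerable, review

if __name__ == "__main__":
    vuln, review = triage(SAMPLE_EVENTS)
    print("below fixed build:", vuln)
    print("unparseable version, check manually:", review)
```

Records with a missing or malformed version are returned separately so they are reviewed by hand instead of being silently treated as patched.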