CVE-2024-7977
📋 TL;DR
This vulnerability allows a local attacker on Windows systems to escalate privileges by exploiting insufficient data validation in Google Chrome's installer. Attackers could gain elevated system access by tricking users into running a malicious file. Only Windows users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with administrative privileges, allowing installation of persistent malware, data theft, and lateral movement across the network.
Likely Case
Local privilege escalation enabling attackers to bypass security controls, install unwanted software, or modify system configurations.
If Mitigated
Limited impact if users run with minimal privileges, have application whitelisting, or use endpoint protection that blocks unauthorized privilege escalation.
🎯 Exploit Status
Requires local access and user interaction with a malicious file. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 128.0.6613.84 and later
Vendor Advisory: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the updated version.
🔧 Temporary Workarounds
Disable automatic Chrome updates
windowsPrevents automatic installation of malicious updates, but also prevents security patches
Not recommended as it prevents security updates
🧯 If You Can't Patch
- Run Chrome with standard user privileges only, not as administrator
- Implement application control policies to restrict execution of unauthorized installer files
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome → Click three-dot menu → Help → About Google Chrome. If version is below 128.0.6613.84, you are vulnerable.Check Version:
chrome://version/ in Chrome address barVerify Fix Applied:
Verify Chrome version is 128.0.6613.84 or higher using the same method.📡 Detection & Monitoring
Log Indicators:
- Unusual Chrome installer processes running with elevated privileges
- Chrome update processes from unexpected locations
Network Indicators:
- Unusual outbound connections from Chrome installer processes
SIEM Query:
Process Creation where (Image contains 'chrome_installer' OR ParentImage contains 'chrome_installer') AND IntegrityLevel='High'