CVE-2024-7979
📋 TL;DR
This vulnerability allows a local attacker on Windows systems to escalate privileges by exploiting insufficient data validation in Google Chrome's installer through a crafted symbolic link. It affects Google Chrome on Windows versions prior to 128.0.6613.84. Attackers must already have local access to the system to exploit this flaw.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, malware persistence, and lateral movement.
Likely Case
Local user with limited privileges escalates to administrator rights, allowing installation of malware, configuration changes, or access to protected resources.
If Mitigated
Attack fails due to proper access controls, user account restrictions, or already patched systems.
🎯 Exploit Status
Requires local access and ability to create symbolic links. Exploit details not publicly disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 128.0.6613.84 and later
Vendor Advisory: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install update. 4. Click 'Relaunch' to restart Chrome with updated version.
🔧 Temporary Workarounds
Restrict Symbolic Link Creation
windowsLimit ability to create symbolic links to administrators only
Set registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\EnableLinkedConnections = 0
🧯 If You Can't Patch
- Restrict local user privileges to prevent symbolic link creation
- Implement application whitelisting to block unauthorized installer execution
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome → Help → About Google Chrome. If version is below 128.0.6613.84, system is vulnerable.Check Version:
chrome://version/ or 'chrome --version' in command lineVerify Fix Applied:
Confirm Chrome version is 128.0.6613.84 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Unusual Chrome installer activity
- Symbolic link creation in Chrome installation directories
- Privilege escalation events in Windows Security logs
Network Indicators:
- No network indicators - local exploit only
SIEM Query:
EventID=4688 AND ProcessName LIKE '%chrome_installer%' AND CommandLine CONTAINS 'symbolic' OR 'symlink'