City, Date – The United Arab Emirates Cyber Security Council (CSC) has issued a critical warning regarding a high-risk vulnerability in Google Chrome that could potentially allow malicious actors to execute code remotely. The vulnerability, tracked as CVE-2023-5472, poses a significant threat to users’ operating systems, prompting urgent action from the council.
The CSC, in a statement posted on X (formerly Twitter), highlighted that the flaw affects an unknown functionality in the Profiles component of Google Chrome, making it susceptible to exploitation via a crafted HTML page. Successful exploitation of CVE-2023-5472 could allow threat actors to escape the browser sandbox and execute malicious code within the target environment.
To mitigate the potential risks associated with this vulnerability, the UAE Cyber Security Council strongly advises users to update their Chrome browsers to the latest version. The affected versions include Google Chrome versions prior to 118.0.59993.117, and users on Microsoft, macOS, and Linux platforms are urged to apply the security updates promptly.
Google Chrome, with approximately 3.3 billion users globally, dominates the browser market with a 65% market share across all platforms, including desktops, tablets, and mobile devices. The Cyber Security Council’s warning underscores the indiscriminate and opportunistic targeting by cyber threat actors seeking to exploit widely-used software.
The council emphasized the critical nature of the update, comparing it to recent warnings from the Qatar National Cyber Security Agency regarding Adobe and RarLab’s WinRAR file archiver tool. These alerts, issued globally, emphasized the necessity of promptly applying security patches to protect against potential threats.
No specific threat group or actor has been attributed to the Google Chrome vulnerability at this time. However, the CSC warns that previous vulnerabilities related to Google Chrome have been targeted in malicious cyber operations, making it imperative for users to follow recommended remediation and mitigation strategies.
The global impact of cyber security attacks is highlighted by data from IBM’s Cost of a Data Breach report, which indicates an average cost of $4.35 million for a data breach in 2022. The UAE’s proactive approach to cyber security is further underscored by its recent announcement of plans to develop a cyber security vision for the next 50 years.
As the UAE aims for the highest level of resilience in addressing digital challenges, the Cyber Security Council remains at the forefront of legislation to strengthen cyber security, ensuring the country’s preparedness against evolving cyber threats.
In addition to the Google Chrome vulnerability, the CSC also warned of several vulnerabilities in Apple systems, including iOS, iPadOS, macOS, watchOS, tvOS, and Safari. The council urges all users to update their systems and software immediately to mitigate potential threats.
The Cyber Security Council of the UAE, established in November 2020, continues to play a crucial role in safeguarding the nation against the growing landscape of digital threats and attacks.
Sources:
https://www.darkreading.com/dr-global/uae-cyber-council-warns-google-chrome-vulnerability
https://gulfbusiness.com/uae-cybersecurity-alert-google-chrome-security/
Author: Akos Sipos UPS, PTMSZK