Vulnerability
Threat Guidances
December 17, 2024

CVE-2024-12053

Image of a crinkly Chrome logo

Lookout Coverage and Recommendation for Admins

To ensure your devices are protected, Lookout admins should take the following steps in their Lookout console:

  • Enable the Application Vulnerability policy, which will detect when a vulnerable app version is on the device. 
  • Lookout will publish the coverage on (December 19th 2024) after which alerts will be generated based on the admin's risk, response and escalation setup. Any device with vulnerable versions of Chrome (below the reported fixed version of 131.0.6778.104 or Edge (131.0.2903.87) will receive an alert if detected after that date. 
  • Enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device.

Overview 

Google has recently disclosed a critical vulnerability in their Chrome web browser. It is tracked as CVE-2024-12053. CVE-2024-12053 highlights a Type Confusion in V8 vulnerability in Google Chrome, and could grant a remote attacker the ability to potentially exploit object corruption via a crafted HTML page.

Lookout Analysis

Vulnerabilities like these can have outsized impact on mobile fleets - especially when they exist in everyday apps such as mobile browsers. In addition to gaining remote access to vulnerable devices, successful exploits in browsers also frequently grant the attacker access to the same permissions as the browsers. 

Each of the vulnerabilities disclosed can be exploited via a maliciously crafted webpage, which means that attackers can deliver them as URLs in the same way they would deliver phishing attacks on mobile. This means they would likely socially engineer an individual through SMS, iMessage, WhatsApp, Telegram, Instagram, LinkedIn, or any of the countless messaging and social media apps on mobile devices. A successful attack could lead to continued data leakage and risk for enterprise organizations.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Threat Type
Vulnerability
Entry Type
Threat Guidances
Platform(s) Affected
Vulnerability
Threat Guidances

Related Content

CVE-2024-12053

CVE-2024-12053 highlights a Type Confusion in V8 vulnerability in Google Chrome

Read Threat Article

Chrome & Firefox Vulnerabilties

Google and Mozilla have both recently disclosed critical vulnerabilities in their respective Chrome and Firefox web browsers.

Read Threat Article

CVE-2024-8904, 9602, & 9603

Google has reported two new vulnerabilities in Chromium based browsers tracked as CVE-2024-8904 and CVE-2024-9602

Read Threat Article
A woman using her phone and laptop on a train ride.

Lookout Mobile Endpoint Security

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Advanced mobile Endpoint Detection & Response powered by data from 185M+ apps and 200M+ devices on iOS, Android, ChromeOS.

Try Lookout for Free Today
Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell