Popis
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to execute arbitrary code, cause denial of service, perform cross-site scripting attacks, obtain sensitive information, spoof user interface, bypass security restrictions and perform unspecified attacks.
Below is a complete list of vulnerabilities:
- An use after free vulnerability in Blink can be exploited remotely to execute arbitrary code;
- A type confusion vulnerability in Blink can be exploited remotely to execute arbitrary code;
- An overly permissive policy in WebUSB can be exploited remotely to perform unspecified attacks;
- Multiple heap buffer overflow vulnerabilities in Skia can be exploited remotely to cause denial of service;
- An use after free vulnerability in indexedDB can be exploited remotely to cause denial of service;
- An uXSS vulnerability in Chrome for iOS can be exploited remotely to perform cross-site scripting attacks;
- Multiple out-of-bounds memory access vulnerabilities in WebRTC can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
- An incorrect mutability protection in WebAssembly can be exploited remotely possibly to obtain sensitive information;
- An use of uninitialized memory vulnerability in WebRTC can be exploited remotely to cause denial of service;
- An URL spoof vulnerability in Omnibox can be exploited remotely to spoof user interface;
- A referrer policy bypass in Blink can be exploited remotely to bypass security restrictions;
- An UI spoofing vulnerability in Blink can be exploited remotely to spoof user interface;
- Multiple out-of-bounds memory access vulnerabilities in V8 can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
- A leak of visited status of page in Blink can be exploited remotely to obtain sensitive information;
- An overly permissive policy in Extentions can be exploited remotely to perform unspecified attacks;
- Multiple restrictions bypass vulnerabilities in the debugger can be exploited remotely to bypass security restrictions;
- An out-of-bounds memory access vulnerability in PDFium can be exploited remotely to cause denial of service;
- An incorrect escaping of MathML in Blink can be exploited remotely to cause denial of service;
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
NB: At this moment Google has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Oficiální doporučení
Vykořisťování
Public exploits exist for this vulnerability.
Související produkty
seznam CVE
- CVE-2018-6123 high
- CVE-2018-6124 critical
- CVE-2018-6125 high
- CVE-2018-6126 critical
- CVE-2018-6127 critical
- CVE-2018-6128 high
- CVE-2018-6129 high
- CVE-2018-6130 high
- CVE-2018-6131 critical
- CVE-2018-6132 warning
- CVE-2018-6133 high
- CVE-2018-6134 high
- CVE-2018-6135 high
- CVE-2018-6136 high
- CVE-2018-6137 high
- CVE-2018-6138 critical
- CVE-2018-6139 critical
- CVE-2018-6140 critical
- CVE-2018-6141 critical
- CVE-2018-6142 high
- CVE-2018-6143 high
- CVE-2018-6144 critical
- CVE-2018-6145 high
- CVE-2018-6147 high
Zobrazit více
Zjistěte statistiky zranitelností šířících se ve vaší oblasti statistics.securelist.com