Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof the user interface, cause a denial of service and bypass security restrictions.
Below is a complete list of vulnerabilities:
1. Failure to prevent alerts from being displayed by swapped-out frames can be exploited remotely via a specially crafted HTML page to show alerts on a page the attackers don't control and spoof the user interface;
2. Heap corruption vulnerabilities in FFmpeg can be exploited remotely via a specially crafted video file, possibly to cause a denial of service;
3. A type confusion vulnerability in Histogram can be exploited remotely via a specially crafted HTML page, possibly to cause a denial of service;
4. Improper enforcement of the unsafe-inline content security policy in Blink can be exploited remotely via a specially crafted HTML page to bypass the content security policy.
Technical details
Vulnerability (2) occurs because of incorrect bounds checking.
When vulnerability (3) is exploited, a near-null dereference causes a denial of service.
Original advisories
CVE list
- CVE-2017-5022 warning
- CVE-2017-5023 warning
- CVE-2017-5024 warning
- CVE-2017-5025 warning
- CVE-2017-5026 warning
- CVE-2017-5027 warning