Description
Multiple serious vulnerabilities have been found in Google Chrome versions earlier than 58.0.3029.81. Malicious users can exploit these vulnerabilities to execute arbitrary code and spoof the user interface.
Below is a complete list of vulnerabilities:
- Type confusion in the PDFium component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A use after free in the PrintPreview component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Type confusion in the Blink component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
- Insufficient policy enforcement in the Omnibox component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- A race condition in navigation can be exploited remotely by an unauthenticated attacker to spoof the user interface;
- A use after free in Chrome Apps can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A numeric overflow in the Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Incorrect handling of DOM changes in the Blink component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Lack of an appropriate action on page navigation in the Blink component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Insufficient consistency checks in signature handling in the networking stack can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- An insufficient watchdog timer in navigation can be exploited remotely by an unauthenticated attacker to spoof the user interface;
- Incorrect MIME type of XSS-Protection reports in the Blink component can be exploited remotely by an unauthenticated attacker to escalate privileges.
Technical details
NB: This vulnerability does not have a public CVSS rating, so the rating may change over time.
Original advisories
CVE list
- CVE-2017-5057 high
- CVE-2017-5058 high
- CVE-2017-5059 high
- CVE-2017-5060 high
- CVE-2017-5061 high
- CVE-2017-5062 high
- CVE-2017-5063 high
- CVE-2017-5064 high
- CVE-2017-5065 high
- CVE-2017-5066 high
- CVE-2017-5067 high
- CVE-2017-5068 high
- CVE-2017-5069 high