Description
Multiple serious vulnerabilities have been found in Google Chrome versions earlier than 59.0.3071.86. Malicious users can exploit these vulnerabilities possibly to cause a denial of service, execute arbitrary code, bypass security restrictions and obtain sensitive information.
Below is a complete list of vulnerabilities:
- Type confusion in V8 can be exploited remotely possibly to obtain sensitive information or execute arbitrary code;
- Out-of-bounds read in V8 can be exploited remotely by an unauthenticated attacker possibly to cause a denial of service;
- An unspecified vulnerability in Omnibox can be exploited remotely possibly to spoof addresses;
- Use-after-free vulnerability in print preview can be exploited remotely possibly to execute arbitrary code or cause a denial of service;
- Use-after-free vulnerability in Apps Bluetooth can be exploited remotely possibly to obtain sensitive information or cause a denial of service;
- An unspecified vulnerability in CSP reporting can be exploited remotely possibly to obtain sensitive information;
- Multiple unspecified vulnerabilities in Omnibox can be exploited remotely possibly to spoof user interface;
- Heap buffer overflow in Skia can be exploited remotely possibly to cause a denial of service;
- Improper mailto handling can be exploited remotely possibly to execute arbitrary code;
- Multiple unspecified vulnerabilities in Blink can be exploited remotely to spoof user interface;
- Use-after-free vulnerability in credit card autofill can be exploited remotely possibly to execute arbitrary code;
- An unspecified vulnerability can be exploited remotely possibly to bypass extension verification;
- Insufficient hardening in credit card editor can be exploited remotely by an unauthenticated user with an unspecified impact;
- Improper JavaScript code execution on WebUI pages can be exploited remotely possibly to obtain sensitive information or spoof user interface.
NB: These vulnerabilities do not have a public CVSS rating yet, so the rating may change over time.
NB: At this moment Google has only reserved CVE numbers for these vulnerabilities. The information may change soon.
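To check an inventory against the fixed release named above (59.0.3071.86), the four version fields have to be compared as integers, since a plain string comparison ranks 59.0.3071.100 below 59.0.3071.86. The following is an added example, not part of the original advisory; the host names, the sample inventory and the banner format `Google Chrome <version>` are assumptions.

```python
import re

# First fixed release named in the advisory above.
FIXED = (59, 0, 3071, 86)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(banner):
    """Extract the 4-part version from a banner such as
    'Google Chrome 58.0.3029.110'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(banner):
    """True if older than the fixed release, False if not, None if unparseable."""
    version = parse_chrome_version(banner)
    if version is None:
        return None
    return version < FIXED  # tuple comparison is numeric, field by field


def triage(inventory):
    """Split {host: banner} into affected, patched and unknown host lists."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        verdict = is_affected(banner)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {
    "ws-01": "Google Chrome 58.0.3029.110",
    "ws-02": "Google Chrome 59.0.3071.86",
    "ws-03": "Google Chrome 59.0.3071.100 beta",  # numerically newer than .86
    "ws-04": "Google Chrome 59.0.3071.9",         # numerically older than .86
    "ws-05": "chrome: not installed",             # no version to parse
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as unknown should be checked by hand rather than treated as patched.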
Original advisories
CVE list
- CVE-2017-5087 high
- CVE-2017-5088 high
- CVE-2017-5089 high
- CVE-2017-5076 high
- CVE-2017-5077 high
- CVE-2017-5078 high
- CVE-2017-5079 high
- CVE-2017-5080 high
- CVE-2017-5081 high
- CVE-2017-5083 high
- CVE-2017-5086 high
- CVE-2017-5070 high
- CVE-2017-5071 high
- CVE-2017-5073 high
- CVE-2017-5074 high
- CVE-2017-5075 high