Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof the user interface and obtain sensitive information.
Below is a complete list of vulnerabilities:
- A use-after-free in IndexedDB can be exploited remotely, possibly to execute arbitrary code;
- A use-after-free in PPAPI can be exploited remotely, possibly to execute arbitrary code;
- An unspecified vulnerability in Blink can be exploited remotely to spoof the user interface;
- A type confusion vulnerability in extensions can be exploited remotely, possibly to execute arbitrary code;
- An out-of-bounds write in PDFium can be exploited remotely, possibly to execute arbitrary code or cause a denial of service;
- An unspecified vulnerability can be exploited remotely to obtain sensitive information;
- An out-of-bounds read in Skia can be exploited remotely, possibly to execute arbitrary code or cause a denial of service;
- A use-after-free vulnerability in V8 can be exploited remotely, possibly to execute arbitrary code;
- An out-of-bounds write in PPAPI can be exploited remotely, possibly to execute arbitrary code;
- A use-after-free vulnerability in Chrome Apps can be exploited remotely, possibly to cause a denial of service;
- Multiple unspecified vulnerabilities in OmniBox can be exploited to spoof the user interface (URLs);
- Multiple vulnerabilities related to uninitialized use in Skia can be exploited remotely, possibly to cause a denial of service or another unspecified impact;
- Multiple unspecified vulnerabilities in the browser can be exploited remotely to spoof the user interface;
- A pointer disclosure vulnerability in SQLite can be exploited remotely to execute arbitrary code;
- An unspecified vulnerability in the SVG component can be exploited remotely to obtain sensitive information or have another unspecified impact;
- A type confusion vulnerability in PDFium can be exploited, possibly to have an unspecified impact;
- An unspecified vulnerability in the Payments dialog can be exploited to spoof the user interface.
Technical details
Vulnerability (6) in the list above is related to Android intents.
NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.
NB: At this moment Google has only reserved CVE numbers for these vulnerabilities. The information may change soon.
Original advisories
CVE list
- CVE-2017-5108 high
- CVE-2017-5109 high
- CVE-2017-5110 high
- CVE-2017-5091 high
- CVE-2017-5092 high
- CVE-2017-5093 high
- CVE-2017-5094 high
- CVE-2017-5095 high
- CVE-2017-5096 high
- CVE-2017-5097 high
- CVE-2017-5098 high
- CVE-2017-5099 high
- CVE-2017-5100 high
- CVE-2017-5101 high
- CVE-2017-5102 high
- CVE-2017-5103 high
- CVE-2017-5104 high
- CVE-2017-5105 high
- CVE-2017-5106 high
- CVE-2017-5107 high
- CVE-2017-6991 high