Beschreibung
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, to spoof user interface, execute arbitrary code and perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- An unspecified vulnerability in the WebAssembly component can be exploited remotely by an unauthenticated attacker possibly to execute arbitrary code;
- Unspecified vulnerabilities in the Skia component can be exploited remotely by unauthenticated attacker possibly to cause denial of service;
- An unspecified vulnerability in LibXML2 can be exploited remotely by an unauthenticated attacker possibly to execute arbitrary code;
- An unspecified vulnerability in the WebAudio component can be exploited remotely by an unauthenticated attacker possibly to execute arbitrary code;
- An unspecified vulnerability in the WebGL component can be exploited remotely by an unauthenticated attacker possibly to execute arbitrary code;
- Unspecified vulnerabilities in the PDFium component can be exploited remotely by unauthenticated attacker possibly to execute arbitrary code;
- An unspecified vulnerability in the Skia component can be exploited remotely by unauthenticated attacker possibly to execute arbitrary code;
- A vulnerability in Google Chrome and Chromium can be exploited remotely by unauthenticated attacker possibly to perform a universal cross-site scripting attack;
- An unspecified vulnerability in the ImageCapture component can be exploited remotely by unauthenticated attacker possibly to cause denial of service;
- An unspecified vulnerability in Extention UI can be exploited remotely by unauthenticated attacker possibly to spoof user interface;
- An unspecified vulnerability in the DevTools component can be exploited remotely by unauthenticated attacker possibly to spoof user interface;
- An unspecified vulnerability in PlatformIntegration can be exploited remotely by unauthenticated attacker possibly to spoof user interface;
- An unspecified vulnerability in extensions can be exploited remotely by unauthenticated attacker possibly to bypass security restrictions;
- Unspecified vulnerabilities in Omnibox can be exploited remotely by unauthenticated attacker possibly to spoof user interface;
- An unspecified vulnerability in the Skia component can be exploited remotely by unauthenticated attacker possibly to cause denial of service;
- A vulnerability in Google Chrome and Chromium can be exploited remotely by unauthenticated attacker possibly to bypass security restrictions;
- An unspecified vulnerability in the Blink component can be exploited remotely by unauthenticated attacker possibly to spoof user interface;
Technical details
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
NB: At this moment Google has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-15388 high
- CVE-2017-15389 high
- CVE-2017-15390 high
- CVE-2017-15391 high
- CVE-2017-15392 high
- CVE-2017-15393 high
- CVE-2017-15394 high
- CVE-2017-15395 high
- CVE-2017-5124 high
- CVE-2017-5125 high
- CVE-2017-5126 high
- CVE-2017-5127 high
- CVE-2017-5128 high
- CVE-2017-5129 high
- CVE-2017-5132 high
- CVE-2017-5130 high
- CVE-2017-5131 high
- CVE-2017-5133 high
- CVE-2017-15386 high
- CVE-2017-15387 high
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com