Beschreibung
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, spoof user interface, execute arbitrary code, escalate privileges, obtain sensitive information and perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- A use after free in IndexedDB component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Inappropriate implementation in modal dialog handling in Blink component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Type confusion in extensions JavaScript can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Stack overflow in PDFium component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
- Insufficient policy enforcement during navigation can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
- Insufficient validation of untrusted input in Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A use after free in V8 component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to escalate privilege;
- A use after free in Apps component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Inappropriate implementation in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Use of an uninitialized value in Skia component can be exploited remotely by an unauthenticated attacker to obtain sensitive information;
- Inappropriate implementation in interstitials can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Insufficient Policy Enforcement in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- A timing attack in SVG rendering can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
- Type confusion in PDFium component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Inappropriate implementation of unload handler handling in permission prompts can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments component can be exploited remotely by an unauthenticated attacker to spoof user interface;
Technical details
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-5108 high
- CVE-2017-5109 high
- CVE-2017-5110 high
- CVE-2017-5091 high
- CVE-2017-5092 high
- CVE-2017-5093 high
- CVE-2017-5094 high
- CVE-2017-5095 high
- CVE-2017-5096 high
- CVE-2017-5097 high
- CVE-2017-5098 high
- CVE-2017-5099 high
- CVE-2017-5100 high
- CVE-2017-5101 high
- CVE-2017-5102 high
- CVE-2017-5103 high
- CVE-2017-5104 high
- CVE-2017-5105 high
- CVE-2017-5106 high
- CVE-2017-5107 high
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!