Kaspersky Threats

Beschreibung

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to cause denial of service or spoof user interface.

Below is a complete list of vulnerabilities:

Incorrect processing of AppMenifests can be exploited remotely to perform unspecified attacks;
An unspecified vulnerability can be exploited remotely via specially crafted web page to bypass security restrictions;
Incorrect validation of submissions to Interstitials can be exploited remotely via specially crafted web page to perform cross-site scripting attacks;
Improper processing of inter-process communication (IPC) calls can be exploited remotely via specially crafted web page to obtain sensitive information;
Improper texture data processing in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
A vulnerability in OmniBox can be exploited remotely via specially crafted web page to spoof user interface;
An unspecified vulnerability can be exploited remotely via SVG filters to provide timing attack to obtain sensitive information;
Improper processing of URL fragment identifiers in Blink can be exploited remotely to spoof user interface;
Insufficient access restrictions can be exploited remotely to bypass security restrictions;
A vulnerability in the Mark-of-the-Web (MOTW) protection mechanism can be exploited remotely via specially crafted web page to bypass security restrictions;
A heap buffer overflow vulnerability in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
An incorrect memory management in PDFium can be exploited remotely via specially crafted PDF file to cause denial of service;
A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
Multiple unspecified vulnerabilities can be exploited remotely via specially crafted web page to bypass security restrictions;
A stack buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
An unspecified vulnerability can be exploited remotely via specially crafted web page to obtain sensitive information;
A buffer overflow vulnerability in Skia can be exploited remotely to obtain sensitive information;
An integer overflow vulnerability in V8 can be exploited remotely via specially crafted web page to execute arbitrary code;
A type confusion vulnerability in V8 can be exploited remotely to execute arbitrary code;
A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to execute arbitrary code;
A race condition vulnerability in V8 can be exploited remotely to execute arbitrary code;
An use after free vulnerability in Blink can be exploited remotely via specially crafted web page to execute arbitrary code;
Multiple use after free vulnerabilities can be exploited remotely via specially crafted web page to execute arbitrary code;
Multiple incorrect sharing memory restrictions can be exploited remotely via specially crafted web page to execute arbitrary code;

Ursprüngliche Informationshinweise

Stable Channel Update for Desktop

CVE Liste

CVE-2018-6058
critical
CVE-2018-6059
critical
CVE-2018-6060
critical
CVE-2018-6061
critical
CVE-2018-6062
critical
CVE-2018-6057
critical
CVE-2018-6063
critical
CVE-2018-6064
critical
CVE-2018-6065
critical
CVE-2018-6066
critical
CVE-2018-6067
critical
CVE-2018-6068
critical
CVE-2018-6069
critical
CVE-2018-6070
critical
CVE-2018-6071
critical
CVE-2018-6072
critical
CVE-2018-6073
critical
CVE-2018-6074
critical
CVE-2018-6075
critical
CVE-2018-6076
critical
CVE-2018-6077
critical
CVE-2018-6078
critical
CVE-2018-6079
critical
CVE-2018-6080
critical
CVE-2018-6081
critical
CVE-2018-6082
critical
CVE-2018-6083
critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!