Multiple vulnerabilities in Google Chrome

Beschreibung

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and spoof user interface.

Below is a complete list of vulnerabilities:

1. Use-after-free vulnerability in media component can be exploited to execute arbitrary code;
2. Heap overflow vulnerability in Mojo component can be exploited to execute arbitrary code;
3. Unspecified vulnerability can be exploited via trigger other browser to bypass security restrictions;
4. URL bar spoof vulnerability can be exploited via download redirect to spoof user interface;
5. Out-of-bounds access vulnerability in V8 component can be exploited to bypass security restrictions;
6. Use-after-free vulnerability in V8 component can be exploited to execute arbitrary code;
7. Unspecified vulnerability can be exploited via bypass same origin policy to bypass security restrictions;
8. Unspecified vulnerability can be exploited via SameSite cookie bypass to bypass security restrictions;
9. Unspecified vulnerability in SwiftShader component can be exploited via arbitrary read to bypass security restrictions;
10. Unspecified vulnerability can be exploited via URL spoof to spoof user interface;
11. Unspecified vulnerability can be exploited via full screen notification overlap to bypass security restrictions;
12. Unspecified vulnerability can be exploited via CSP spoof to spoof user interface;
13. Unspecified vulnerability can be exploited via full screen notification spoof to spoof user interface;
14. Unspecified vulnerability can be exploited via IDN spoof to spoof user interface;
15. Unspecified vulnerability can be exploited via CSRF bypass to bypass security restrictions;
16. Unspecified vulnerability can be exploited via multiple file download to bypass security restrictions;
17. Unspecified vulnerability can be exploited via using storage size estimate by side channel to bypass security restrictions;
18. URI bar spoofing vulnerability can be exploited via using external app URIs to spoof user interface;
19. Unspecified vulnerability can be exploited via global window leak via console to bypass security restrictions;
20. Unspecified vulnerability can be exploited via HTTP authentication spoof to spoof user interface;
21. Memory corruption vulnerability in V8 component can be exploited to execute arbitrary code;
22. Unspecified vulnerability can be exploited via dialog box failing to show origin to bypass security restrictions;
23. Unspecified vulnerability can be exploited via cross-origin information leak using devtools to bypass security restrictions;
24. Unspecified vulnerability can be exploited via extensions disable by trailing slash to bypass security restrictions;
25. Unspecified vulnerability can be exploited via shown for certificate warning to bypass security restrictions;
26. Unspecified vulnerability can be exploited to bypass security restrictions;
27. Unspecified vulnerability can be exploited via download dialog spoofing to spoof user interface;
28. Unspecified vulnerability can be exploited via IP address spoofing to servers to spoof user interface;
29. Unspecified vulnerability can be exploited via downloading to bypass security restrictions;
30. Unspecified vulnerability can be exploited via site isolation bypass to bypass security restrictions;
31. Unspecified vulnerability can be exploited via exceptions leaked by devtools to bypass security restrictions;

Ursprüngliche Informationshinweise

• Stable Channel Update for Desktop

Ausnutzung

Public exploits exist for this vulnerability.

Betroffene Produkte

• Google-Chrome

CVE Liste

• CVE-2019-5870
  critical
• CVE-2019-5871
  critical
• CVE-2019-5872
  high
• CVE-2019-5873
  warning
• CVE-2019-5874
  critical
• CVE-2019-5875
  warning
• CVE-2019-5876
  critical
• CVE-2019-5877
  critical
• CVE-2019-5878
  critical
• CVE-2019-5879
  high
• CVE-2019-5880
  high
• CVE-2019-5881
  critical
• CVE-2019-13659
  warning
• CVE-2019-13660
  high
• CVE-2019-13661
  warning
• CVE-2019-13662
  high
• CVE-2019-13663
  warning
• CVE-2019-13664
  high
• CVE-2019-13665
  high
• CVE-2019-13666
  high
• CVE-2019-13667
  warning
• CVE-2019-13668
  high
• CVE-2019-13669
  warning
• CVE-2019-13670
  high
• CVE-2019-13671
  warning
• CVE-2019-13673
  high
• CVE-2019-13674
  warning
• CVE-2019-13675
  warning
• CVE-2019-13676
  warning
• CVE-2019-13677
  high
• CVE-2019-13678
  high
• CVE-2019-13679
  warning
• CVE-2019-13680
  high
• CVE-2019-13681
  warning
• CVE-2019-13682
  critical
• CVE-2019-13683
  high
• CVE-2019-13691
  warning
• CVE-2019-13692
  critical
• CVE-2019-13766
  high

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com