Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface and cause a denial of service,bypass security restrictions.
Below is a complete list of vulnerabilities:
- Inability to prevent alerts from being displayed by swapped out frames can be exploited remotely via a specially designed HTML page to show alerts on a page attackers don’t control and spoof user interface;
- Heap corruption vulnerabilities in FFmpeg can be exploited remotely via a specially designed video file possibly to cause a denial of service;
- Type confusion vulnerability in Histogram can be exploited remotely via a specially designed HTML page possibly to cause a denial of service;
- Improper enforcing of unsafe-inline content security policy in Blink can be exploited remotely via a specially designed HTML page to bypass content security policy.
Technical details
Vulnerability (2) occurs because of incorrect bounds checking.
In case of exploiting vulnerability (3), a near null dereference causes a denial of service.
Original advisories
Related products
CVE list
- CVE-2017-5022 warning
- CVE-2017-5023 warning
- CVE-2017-5024 warning
- CVE-2017-5025 warning
- CVE-2017-5026 warning
- CVE-2017-5027 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!