Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof the user interface and obtain sensitive information.
Below is a complete list of vulnerabilities:
1. A use-after-free in IndexedDB can be exploited remotely, possibly to execute arbitrary code;
2. A use-after-free in PPAPI can be exploited remotely, possibly to execute arbitrary code;
3. An unspecified vulnerability in Blink can be exploited remotely to spoof the user interface;
4. A type confusion vulnerability in extensions can be exploited remotely, possibly to execute arbitrary code;
5. An out-of-bounds write in PDFium can be exploited remotely, possibly to execute arbitrary code or cause a denial of service;
6. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
7. An out-of-bounds read in Skia can be exploited remotely, possibly to execute arbitrary code or cause a denial of service;
8. A use-after-free vulnerability in V8 can be exploited remotely, possibly to execute arbitrary code;
9. An out-of-bounds write in PPAPI can be exploited remotely, possibly to execute arbitrary code;
10. A use-after-free vulnerability in Chrome Apps can be exploited remotely, possibly to cause a denial of service;
11. Multiple unspecified vulnerabilities in OmniBox can be exploited to spoof the user interface (URLs);
12. Multiple vulnerabilities related to uninitialized use in Skia can be exploited remotely, possibly to cause a denial of service or another unspecified impact;
13. Multiple unspecified vulnerabilities in the browser can be exploited remotely to spoof the user interface;
14. A pointer disclosure vulnerability in SQLite can be exploited remotely to execute arbitrary code;
15. An unspecified vulnerability in the SVG component can be exploited remotely to obtain sensitive information or have another unspecified impact;
16. A type confusion vulnerability in PDFium can be exploited, possibly to have an unspecified impact;
17. An unspecified vulnerability in the Payments dialog can be exploited to spoof the user interface.
Technical details
Vulnerability (6) is related to Android intents.
NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.
NB: At this moment Google has only reserved CVE numbers for these vulnerabilities. The information may change soon.
CVE list
- CVE-2017-5108 high
- CVE-2017-5109 warning
- CVE-2017-5110 warning
- CVE-2017-5091 high
- CVE-2017-5092 high
- CVE-2017-5093 warning
- CVE-2017-5094 warning
- CVE-2017-5095 high
- CVE-2017-5096 warning
- CVE-2017-5097 high
- CVE-2017-5098 high
- CVE-2017-5099 high
- CVE-2017-5100 high
- CVE-2017-5101 warning
- CVE-2017-5102 warning
- CVE-2017-5103 warning
- CVE-2017-5104 warning
- CVE-2017-5105 warning
- CVE-2017-5106 warning
- CVE-2017-5107 warning
- CVE-2017-6991 high