Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, spoof user interface, execute arbitrary code, escalate privileges, obtain sensitive information and perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- A use after free in IndexedDB component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Inappropriate implementation in modal dialog handling in Blink component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Type confusion in extensions JavaScript can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Stack overflow in PDFium component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
- Insufficient policy enforcement during navigation can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
- Insufficient validation of untrusted input in Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A use after free in V8 component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to escalate privilege;
- A use after free in Apps component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Inappropriate implementation in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Use of an uninitialized value in Skia component can be exploited remotely by an unauthenticated attacker to obtain sensitive information;
- Inappropriate implementation in interstitials can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Insufficient Policy Enforcement in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
- A timing attack in SVG rendering can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
- Type confusion in PDFium component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Inappropriate implementation of unload handler handling in permission prompts can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments component can be exploited remotely by an unauthenticated attacker to spoof user interface;
Technical details
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
Original advisories
Related products
CVE list
- CVE-2017-5108 high
- CVE-2017-5109 warning
- CVE-2017-5110 warning
- CVE-2017-5091 high
- CVE-2017-5092 high
- CVE-2017-5093 warning
- CVE-2017-5094 warning
- CVE-2017-5095 high
- CVE-2017-5096 warning
- CVE-2017-5097 high
- CVE-2017-5098 high
- CVE-2017-5099 high
- CVE-2017-5100 high
- CVE-2017-5101 warning
- CVE-2017-5102 warning
- CVE-2017-5103 warning
- CVE-2017-5104 warning
- CVE-2017-5105 warning
- CVE-2017-5106 warning
- CVE-2017-5107 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!