KLA11204
Multiple vulnerabilities in Google Chrome
Updated: 03/12/2018
CVSS
?
7.5
Detect date
?
03/06/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to cause denial of service or spoof user interface.

Below is a complete list of vulnerabilities:

  1. Incorrect processing of AppMenifests can be exploited remotely to perform unspecified attacks;
  2. An unspecified vulnerability can be exploited remotely via specially crafted web page to bypass security restrictions;
  3. Incorrect validation of submissions to Interstitials can be exploited remotely via specially crafted web page to perform cross-site scripting attacks;
  4. Improper processing of inter-process communication (IPC) calls can be exploited remotely via specially crafted web page to obtain sensitive information;
  5. Improper texture data processing in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
  6. A vulnerability in OmniBox can be exploited remotely via specially crafted web page to spoof user interface;
  7. An unspecified vulnerability can be exploited remotely via SVG filters to provide timing attack to obtain sensitive information;
  8. Improper processing of URL fragment identifiers in Blink can be exploited remotely to spoof user interface;
  9. Insufficient access restrictions can be exploited remotely to bypass security restrictions;
  10. A vulnerability in the Mark-of-the-Web (MOTW) protection mechanism can be exploited remotely via specially crafted web page to bypass security restrictions;
  11. A heap buffer overflow vulnerability in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
  12. An incorrect memory management in PDFium can be exploited remotely via specially crafted PDF file to cause denial of service;
  13. A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
  14. Multiple unspecified vulnerabilities can be exploited remotely via specially crafted web page to bypass security restrictions;
  15. A stack buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
  16. An unspecified vulnerability can be exploited remotely via specially crafted web page to obtain sensitive information;
  17. A buffer overflow vulnerability in Skia can be exploited remotely to obtain sensitive information;
  18. An integer overflow vulnerability in V8 can be exploited remotely via specially crafted web page to execute arbitrary code;
  19. A type confusion vulnerability in V8 can be exploited remotely to execute arbitrary code;
  20. A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to execute arbitrary code;
  21. A race condition vulnerability in V8 can be exploited remotely to execute arbitrary code;
  22. An use after free vulnerability in Blink can be exploited remotely via specially crafted web page to execute arbitrary code;
  23. Multiple use after free vulnerabilities can be exploited remotely via specially crafted web page to execute arbitrary code;
  24. Multiple incorrect sharing memory restrictions can be exploited remotely via specially crafted web page to execute arbitrary code;
Affected products

Google Chrome earlier than 65.0.3325.146

Solution

Update to the latest version
Download Google Chrome

Original advisories

Stable Channel Update for Desktop

Impacts
?
SUI 
[?]

ACE 
[?]

OSI 
[?]

XSSCSS 
[?]

SB 
[?]

DoS 
[?]
Related products
Google Chrome
CVE-IDS
?

CVE-2018-6083
CVE-2018-6082
CVE-2018-6081
CVE-2018-6080
CVE-2018-6079
CVE-2018-6078
CVE-2018-6077
CVE-2018-6076
CVE-2018-6075
CVE-2018-6074
CVE-2018-6073
CVE-2018-6072
CVE-2018-6071
CVE-2018-6070
CVE-2018-6069
CVE-2018-6068
CVE-2018-6067
CVE-2018-6066
CVE-2018-6065
CVE-2018-6064
CVE-2018-6063
CVE-2018-6057
CVE-2018-6062
CVE-2018-6061
CVE-2018-6060
CVE-2018-6059
CVE-2018-6058