Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to execute arbitrary code, cause denial of service, perform cross-site scripting attacks, obtain sensitive information, spoof user interface, bypass security restrictions and perform unspecified attacks.
Below is a complete list of vulnerabilities:
- An use after free vulnerability in Blink can be exploited remotely to execute arbitrary code;
- A type confusion vulnerability in Blink can be exploited remotely to execute arbitrary code;
- An overly permissive policy in WebUSB can be exploited remotely to perform unspecified attacks;
- Multiple heap buffer overflow vulnerabilities in Skia can be exploited remotely to cause denial of service;
- An use after free vulnerability in indexedDB can be exploited remotely to cause denial of service;
- An uXSS vulnerability in Chrome for iOS can be exploited remotely to perform cross-site scripting attacks;
- Multiple out-of-bounds memory access vulnerabilities in WebRTC can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
- An incorrect mutability protection in WebAssembly can be exploited remotely possibly to obtain sensitive information;
- An use of uninitialized memory vulnerability in WebRTC can be exploited remotely to cause denial of service;
- An URL spoof vulnerability in Omnibox can be exploited remotely to spoof user interface;
- A referrer policy bypass in Blink can be exploited remotely to bypass security restrictions;
- An UI spoofing vulnerability in Blink can be exploited remotely to spoof user interface;
- Multiple out-of-bounds memory access vulnerabilities in V8 can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
- A leak of visited status of page in Blink can be exploited remotely to obtain sensitive information;
- An overly permissive policy in Extentions can be exploited remotely to perform unspecified attacks;
- Multiple restrictions bypass vulnerabilities in the debugger can be exploited remotely to bypass security restrictions;
- An out-of-bounds memory access vulnerability in PDFium can be exploited remotely to cause denial of service;
- An incorrect escaping of MathML in Blink can be exploited remotely to cause denial of service;
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
NB: At this moment Google has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2018-6123 warning
- CVE-2018-6124 high
- CVE-2018-6125 unknown
- CVE-2018-6126 high
- CVE-2018-6127 high
- CVE-2018-6128 warning
- CVE-2018-6129 warning
- CVE-2018-6130 warning
- CVE-2018-6131 high
- CVE-2018-6132 warning
- CVE-2018-6133 warning
- CVE-2018-6134 warning
- CVE-2018-6135 warning
- CVE-2018-6136 warning
- CVE-2018-6137 warning
- CVE-2018-6138 high
- CVE-2018-6139 high
- CVE-2018-6140 critical
- CVE-2018-6141 high
- CVE-2018-6142 warning
- CVE-2018-6143 warning
- CVE-2018-6144 high
- CVE-2018-6145 warning
- CVE-2018-6147 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com