Kaspersky Threats

CVSS

?

7.5

Detect date

?

12/04/2018

Severity

?

Warning

Description

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code;
A use after free in PDFium can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code;
A use after free in PDFium can be exploited remotely to obtain sensitive information;
A use after free in Blink can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service;
A use after free in WebAudio can be exploited remotely to obtain sensitive information;
A use after free in MediaRecorder can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Blink component can be exploited remotely to cause denial of service;
An out-of-bounds read in V8 can be exploited remotely to cause denial of service;
A use after free in Skia can be exploited remotely to obtain sensitive information;
A use after free in Skia can be exploited remotely to obtain sensitive information;

Affected products

Google Chrome earlier than 71.0.3578.80

Solution

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.
Google Chrome download page

Original advisories

Stable Channel Update for Desktop

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

CVSS ?	7.5
Detect date ?	12/04/2018
Severity ?	Warning
Description	Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A use after free in Blink can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service; A use after free in WebAudio can be exploited remotely to obtain sensitive information; A use after free in MediaRecorder can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Blink component can be exploited remotely to cause denial of service; An out-of-bounds read in V8 can be exploited remotely to cause denial of service; A use after free in Skia can be exploited remotely to obtain sensitive information; A use after free in Skia can be exploited remotely to obtain sensitive information;
Affected products	Google Chrome earlier than 71.0.3578.80
Solution	Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. Google Chrome download page
Original advisories	Stable Channel Update for Desktop
Impacts ?	ACE [?] OSI [?] DoS [?]
Related products	Google Chrome
CVE-IDS ?	CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359