KLA11413
Multiple vulnerabilities in Google Chrome

Updated: 06/03/2020
Detect date
?
01/29/2019
Severity
?
Critical
Description
  1. Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

    Below is a complete list of vulnerabilities:

    1. Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
    2. Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
    3. Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
    4. Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
    5. Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    6. Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
    7. Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
    8. Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    9. Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
    10. Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
    11. Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
    12. Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
    13. Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code;
    14. Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
    15. Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    16. Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
    17. Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    18. Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
    19. Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
    20. Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
    21. Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
    22. Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
    23. Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Affected products

Google Chrome earlier than 72.0.3626.81

Solution

Update to the latest version
Google Chrome download page

Original advisories

Stable Channel Update for Desktop

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
Google Chrome
CVE-IDS
?
Find out the statistics of the vulnerabilities spreading in your region