Multiple vulnerabilities in Google Chrome

Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and cause denial of service.

Below is a complete list of vulnerabilities:

1. A use-after-free vulnerability in PDFium can be exploited remotely to execute arbitrary code;
2. An integer overflow vulnerability in Angle can be exploited remotely to execute arbitrary code;
3. A memory corruption vulnerability in V8 can be exploited remotely to execute arbitrary code;
4. Multiple use-after-free vulnerabilities in Blink can be exploited remotely to execute arbitrary code;
5. An user information disclosure vulnerability in Autofill can be exploited to obtain sensitive information;
6. Multiple CORS bypass vulnerabilities in Blink can be exploited remotely to bypass security restrictions;
7. An out-of-bounds read vulnerability in V8 can be exploited remotely to cause denial of service;
8. A heap buffer overflow vulnerability in Blink can be exploited remotely to cause denial of service;
9. An heap buffer overflow vulnerability in Angle can be exploited to cause denial of service;
10. An use of uninitialized variable vulnerability in media reader can be exploited to cause denial of service;
11. An incorrect escaping vulnerability in developer tools can be exploited to bypass security restrictions and cause denial of service;
12. Multiple integer overflow vulnerabilities in PDFium can be exploited to cause denial of service or possibly to execute arbitrary code;
13. A CORS bypass vulnerability in download manager can be exploited to bypass security restrictions;
14. A forced navigation vulnerability in service worker can be exploited to bypass security restrictions;
15. URL spoof vulnerability in Omnibox can be exploited to spoof user interface;
16. Exploit persistence extension vulnerability in Google Chrome can be exploited to bypass security restrictions;
17. Implementation vulnerability in accessibility component can be exploited to execute arbitrary code;
18. Policy enforcement vulnerability in notifications component can be exploited to bypass security restrictions.

Original advisories

• Stable Channel Update for Desktop

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Google-Chrome

CVE list

• CVE-2019-5805
  warning
• CVE-2019-5806
  high
• CVE-2019-5807
  high
• CVE-2019-5808
  high
• CVE-2019-5809
  high
• CVE-2019-5810
  warning
• CVE-2019-5811
  high
• CVE-2019-5813
  high
• CVE-2019-5814
  warning
• CVE-2019-5815
  warning
• CVE-2019-5817
  high
• CVE-2019-5818
  warning
• CVE-2019-5819
  warning
• CVE-2019-5820
  high
• CVE-2019-5821
  high
• CVE-2019-5822
  high
• CVE-2019-5823
  high
• CVE-2019-5825
  warning
• CVE-2019-5826
  warning
• CVE-2019-5812
  warning
• CVE-2019-5816
  high
• CVE-2020-6503
  warning
• CVE-2020-6504
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com