Multiple vulnerabilities in Google Chrome

Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and spoof user interface.

Below is a complete list of vulnerabilities:

1. Use-after-free vulnerability in media component can be exploited to execute arbitrary code;
2. Heap overflow vulnerability in Mojo component can be exploited to execute arbitrary code;
3. Unspecified vulnerability can be exploited via trigger other browser to bypass security restrictions;
4. URL bar spoof vulnerability can be exploited via download redirect to spoof user interface;
5. Out-of-bounds access vulnerability in V8 component can be exploited to bypass security restrictions;
6. Use-after-free vulnerability in V8 component can be exploited to execute arbitrary code;
7. Unspecified vulnerability can be exploited via bypass same origin policy to bypass security restrictions;
8. Unspecified vulnerability can be exploited via SameSite cookie bypass to bypass security restrictions;
9. Unspecified vulnerability in SwiftShader component can be exploited via arbitrary read to bypass security restrictions;
10. Unspecified vulnerability can be exploited via URL spoof to spoof user interface;
11. Unspecified vulnerability can be exploited via full screen notification overlap to bypass security restrictions;
12. Unspecified vulnerability can be exploited via CSP spoof to spoof user interface;
13. Unspecified vulnerability can be exploited via full screen notification spoof to spoof user interface;
14. Unspecified vulnerability can be exploited via IDN spoof to spoof user interface;
15. Unspecified vulnerability can be exploited via CSRF bypass to bypass security restrictions;
16. Unspecified vulnerability can be exploited via multiple file download to bypass security restrictions;
17. Unspecified vulnerability can be exploited via using storage size estimate by side channel to bypass security restrictions;
18. URI bar spoofing vulnerability can be exploited via using external app URIs to spoof user interface;
19. Unspecified vulnerability can be exploited via global window leak via console to bypass security restrictions;
20. Unspecified vulnerability can be exploited via HTTP authentication spoof to spoof user interface;
21. Memory corruption vulnerability in V8 component can be exploited to execute arbitrary code;
22. Unspecified vulnerability can be exploited via dialog box failing to show origin to bypass security restrictions;
23. Unspecified vulnerability can be exploited via cross-origin information leak using devtools to bypass security restrictions;
24. Unspecified vulnerability can be exploited via extensions disable by trailing slash to bypass security restrictions;
25. Unspecified vulnerability can be exploited via shown for certificate warning to bypass security restrictions;
26. Unspecified vulnerability can be exploited to bypass security restrictions;
27. Unspecified vulnerability can be exploited via download dialog spoofing to spoof user interface;
28. Unspecified vulnerability can be exploited via IP address spoofing to servers to spoof user interface;
29. Unspecified vulnerability can be exploited via downloading to bypass security restrictions;
30. Unspecified vulnerability can be exploited via site isolation bypass to bypass security restrictions;
31. Unspecified vulnerability can be exploited via exceptions leaked by devtools to bypass security restrictions;

Original advisories

• Stable Channel Update for Desktop

Related products

• Google-Chrome

CVE list

• CVE-2019-5870
  high
• CVE-2019-5871
  high
• CVE-2019-5872
  warning
• CVE-2019-5873
  warning
• CVE-2019-5874
  high
• CVE-2019-5875
  warning
• CVE-2019-5876
  high
• CVE-2019-5877
  high
• CVE-2019-5878
  high
• CVE-2019-5879
  warning
• CVE-2019-5880
  warning
• CVE-2019-5881
  high
• CVE-2019-13659
  warning
• CVE-2019-13660
  warning
• CVE-2019-13661
  warning
• CVE-2019-13662
  warning
• CVE-2019-13663
  warning
• CVE-2019-13664
  warning
• CVE-2019-13665
  warning
• CVE-2019-13666
  warning
• CVE-2019-13667
  warning
• CVE-2019-13668
  warning
• CVE-2019-13669
  warning
• CVE-2019-13670
  warning
• CVE-2019-13671
  warning
• CVE-2019-13673
  warning
• CVE-2019-13674
  warning
• CVE-2019-13675
  warning
• CVE-2019-13676
  warning
• CVE-2019-13677
  warning
• CVE-2019-13678
  warning
• CVE-2019-13679
  warning
• CVE-2019-13680
  warning
• CVE-2019-13681
  warning
• CVE-2019-13682
  high
• CVE-2019-13683
  warning
• CVE-2019-13691
  warning
• CVE-2019-13692
  high
• CVE-2019-13766
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com