KLA11588
Multiple vulnerabilities in Google Chrome
Updated: 05/22/2020
Detect date: 10/22/2019
Severity: Critical
Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Use-after-free vulnerability in media can be exploited to execute arbitrary code;
  2. Buffer overrun vulnerability in Blink can be exploited to execute arbitrary code;
  3. URL spoof vulnerability in navigation can be exploited to execute arbitrary code;
  4. Privilege elevation vulnerability in Installer can be exploited to execute arbitrary code;
  5. URL bar spoofing vulnerability can be exploited to execute arbitrary code;
  6. CSP bypass vulnerability can be exploited to execute arbitrary code;
  7. Extension permission bypass vulnerability can be exploited to execute arbitrary code;
  8. Out-of-bounds read vulnerability in PDFium can be exploited to execute arbitrary code;
  9. File storage disclosure vulnerability can be exploited to execute arbitrary code;
  10. HTTP authentication spoof vulnerability can be exploited to execute arbitrary code;
  11. File download protection bypass vulnerability can be exploited to execute arbitrary code;
  12. Cross-context information leak vulnerability can be exploited to execute arbitrary code;
  13. Buffer overflow vulnerability in expat can be exploited to execute arbitrary code;
  14. Cross-origin data leak vulnerability can be exploited to execute arbitrary code;
  15. CSS injection vulnerability can be exploited to execute arbitrary code;
  16. Address bar spoofing vulnerability can be exploited to execute arbitrary code;
  17. Service worker state error vulnerability can be exploited to execute arbitrary code;
  18. IDN spoof vulnerability can be exploited to execute arbitrary code.

Affected products

Google Chrome earlier than 78.0.3904.70

Solution

Update to the latest version
Google Chrome download page

Original advisories

Stable Channel Update for Desktop

Impacts

ACE, DoS, SUI

Related products
Google Chrome

CVE-IDS

CVE-2019-13699  0.0  Unknown
CVE-2019-13700  0.0  Unknown
CVE-2019-13701  0.0  Unknown
CVE-2019-13702  0.0  Unknown
CVE-2019-13703  0.0  Unknown
CVE-2019-13704  0.0  Unknown
CVE-2019-13705  0.0  Unknown
CVE-2019-13706  0.0  Unknown
CVE-2019-13707  0.0  Unknown
CVE-2019-13708  0.0  Unknown
CVE-2019-13709  0.0  Unknown
CVE-2019-13710  0.0  Unknown
CVE-2019-13711  0.0  Unknown
CVE-2019-15903  0.0  Unknown
CVE-2019-13713  0.0  Unknown
CVE-2019-13714  0.0  Unknown
CVE-2019-13715  0.0  Unknown
CVE-2019-13716  0.0  Unknown
CVE-2019-13717  0.0  Unknown
CVE-2019-13718  0.0  Unknown
CVE-2019-13719  0.0  Unknown
CVE-2019-13765  0.0  Unknown