KLA11598
Multiple vulnerabilities in Google Chrome
Updated: 11/01/2019
Detect date
12/04/2018
Severity
High
Description

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code;
  2. A use after free in PDFium can be exploited remotely to obtain sensitive information;
  3. A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code;
  4. A use after free in PDFium can be exploited remotely to obtain sensitive information;
  5. A use after free in Blink can be exploited remotely to obtain sensitive information;
  6. A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service;
  7. A use after free in WebAudio can be exploited remotely to bypass security restrictions;
  8. A use after free in MediaRecorder can be exploited remotely to obtain sensitive information;
  9. A heap overflow vulnerability in the Blink component can be exploited remotely to spoof the user interface;
  10. An out-of-bounds read in V8 can be exploited remotely to cause denial of service;
  11. A use after free in Skia can be exploited remotely to obtain sensitive information;
  12. A use after free in Skia can be exploited remotely to obtain sensitive information.

Affected products

Google Chrome earlier than 70.0.3538.67

Solution

Update to the latest version
Google Chrome download page

Original advisories

Stable Channel Update for Desktop

Impacts
ACE
OSI
SB
SUI

Related products
Google Chrome
Google Chrome Enterprise
Google Chrome Enterprise for current user
Google Chrome for KIS
Google Chrome for current user
CVE-IDS
CVE-2018-20070  0.0  Unknown
CVE-2018-20065  0.0  Unknown
CVE-2018-20068  0.0  Unknown
CVE-2018-20069  0.0  Unknown
CVE-2018-20071  0.0  Unknown
CVE-2018-20067  0.0  Unknown
CVE-2018-20066  0.0  Unknown