Kaspersky Threats

KLA11598
Multiple vulnerabilities in Google Chrome

Updated: 11/01/2019

Detect date ?	12/04/2018
Severity ?	High
Description	Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A use after free in Blink can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service; A use after free in WebAudio can be exploited remotely to bypass security restrictions; A use after free in MediaRecorder can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Blink component can be exploited remotely spoof user interface; An out-of-bounds read in V8 can be exploited remotely to cause denial of service; A use after free in Skia can be exploited remotely to obtain sensitive information; A use after free in Skia can be exploited remotely to obtain sensitive information;
Affected products	Google Chrome earlier then 70.0.3538.67
Solution	Update to the latest version Google Chrome download page
Original advisories	Stable Channel Update for Desktop
Impacts ?	ACE [?] OSI [?] SB [?] SUI [?]
Related products	Google Chrome Google Chrome Enterprise Google Chrome Enterprise for current user Google Chrome for KIS Google Chrome for current user
CVE-IDS ?	CVE-2018-200700.0Unknown CVE-2018-200650.0Unknown CVE-2018-200680.0Unknown CVE-2018-200690.0Unknown CVE-2018-200710.0Unknown CVE-2018-200670.0Unknown CVE-2018-200660.0Unknown