Kaspersky Threats

Detect date

?

12/04/2018

Severity

?

High

Description

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code;
A use after free in PDFium can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code;
A use after free in PDFium can be exploited remotely to obtain sensitive information;
A use after free in Blink can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service;
A use after free in WebAudio can be exploited remotely to bypass security restrictions;
A use after free in MediaRecorder can be exploited remotely to obtain sensitive information;
A heap overflow vulnerability in the Blink component can be exploited remotely spoof user interface;
An out-of-bounds read in V8 can be exploited remotely to cause denial of service;
A use after free in Skia can be exploited remotely to obtain sensitive information;
A use after free in Skia can be exploited remotely to obtain sensitive information;

Affected products

Google Chrome earlier then 70.0.3538.67

Solution

Update to the latest version
Google Chrome download page

Original advisories

Stable Channel Update for Desktop

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

SUI

[?]

Detect date ?	12/04/2018
Severity ?	High
Description	Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Skia component can be exploited remotely to execute arbitrary code; A use after free in PDFium can be exploited remotely to obtain sensitive information; A use after free in Blink can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Canvas component can be exploited remotely to cause denial of service; A use after free in WebAudio can be exploited remotely to bypass security restrictions; A use after free in MediaRecorder can be exploited remotely to obtain sensitive information; A heap overflow vulnerability in the Blink component can be exploited remotely spoof user interface; An out-of-bounds read in V8 can be exploited remotely to cause denial of service; A use after free in Skia can be exploited remotely to obtain sensitive information; A use after free in Skia can be exploited remotely to obtain sensitive information;
Affected products	Google Chrome earlier then 70.0.3538.67
Solution	Update to the latest version Google Chrome download page
Original advisories	Stable Channel Update for Desktop
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] SUI [?]
Related products	Google Chrome Google Chrome Enterprise Google Chrome Enterprise for current user Google Chrome for KIS Google Chrome for current user
CVE-IDS ?	CVE-2018-200704.3Warning CVE-2018-200656.8High CVE-2018-200684.3Warning CVE-2018-200694.3Warning CVE-2018-200714.3Warning CVE-2018-200674.3Warning CVE-2018-200666.8High
	Find out the statistics of the vulnerabilities spreading in your region

KLA11598Multiple vulnerabilities in Google Chrome

KLA11598
Multiple vulnerabilities in Google Chrome