KLA11660
Multiple vulnerabilities in Google Chrome
Updated: 02/13/2020
Detect date
?
02/04/2020
Severity
?
Warning
Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A implementation vulnerability in Omnibox can be exploited to potentially execute arbitrary code.
  2. A policy enforcement vulneravility in Blink can be exploited to bypass security restrictions.
  3. Use after free vulnerability in audio component can be exploited to obtain sensitive information.
  4. A policy enforcement vulnerability in downloads component can be exploited to bypass security restrictions.
  5. Insufficient validation input vulnerability in Omnibox can be exploited to bypass security restrictions.
  6. A memory access vulnerability in streams component can be exploited to cause denial of service.
  7. A implementation vulnerability in Blink can be exploited to potentially execute arbitrary code.
  8. A memory access vulnerability in SQLite can be exploited to cause denial of service.
  9. A policy enforcement vulnerability in AppCache can be exploited to bypass security restrictions.
  10. A memory access vulnerability in WebRTC can be exploited to cause denial of service.
  11. A policy enforcement vulnerability in CORS can be exploited to bypass security restrictions.
  12. Read-operation memory vulnerability in SQLite can be exploited to cause denial of service.
  13. A policy enforcement vulnerability in Safe Browsing can be exploited to bypass security restrictions.
  14. A implementation vulnerability in installer component can be exploited to potentially execute arbitrary code.
  15. A policy enforcement vulnerability in Blink can be exploited to bypass security restrictions.
  16. Type confusion vulnerability in JavaScript can be exploited to cause denial of service.
  17. A data validation vulnerability in streams component can be exploited to bypass security restrictions.
  18. Write-operation memory vulnerability in WebRTC can be exploited to cause denial of service.
  19. A policy enforcement vulnerability in storage component can be exploited to bypass security restrictions.
  20. A memory access vulnerability in WebAudio can be exploited to cause denial of service.
  21. A implementation vulnerability in Skia can be exploited to potentially execute arbitrary code.
  22. A policy enforcement vulnerability in extensions component can be exploited to bypass security restrictions.
  23. A memory access vulnerability in XML can be exploited to cause denial of service.
  24. Security UI vulnerability in Omnibox can be exploited to perform domain spoofing
  25. Security UI vulnerability in sharing component can be exploited to perform domain spoofing
  26. A implementation vulnerability in Blink can be exploited to potentially execute arbitrary code.
  27. A implementation vulnerability in CORS can be exploited to potentially execute arbitrary code.
  28. Uninitialized use vulnerability in PDFium can be exploited to bypass security restrictions and obtain sensitive information.
  29. Multi ‘SELECT’ vulnerability in SQLite can be exploited to cause denial of service.
  30. Insufficient validation input vulnerability in Blink can be exploited to bypass security restrictions.
  31. A policy enforcement vulnerability in navigation component can be exploited to bypass security restrictions.
  32. Integer overflow vulnerability in JavaScript can be exploited to cause denial of service.
  33. Read-operation memory vulnerability in JavaScript can be exploited to cause denial of service.
  34. A implementation vulnerability in JavaScript can be exploited to potentially execute arbitrary code.
  35. Zip-file update vulnerabilities in SQLite can be exploited to cause denial of service.
  36. Pointer dereference vulnerability in SQLite can be exploited to cause denial of service
Affected products

Google Chrome earlier than 80.0.3987.87

Solution

Update to the latest version
Download Google Chrome

Original advisories

Stable Channel Update for Desktop

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

SUI 
[?]
Related products
Google Chrome
CVE-IDS
?
CVE-2020-64090.0Unknown
CVE-2020-63930.0Unknown
CVE-2020-64060.0Unknown
CVE-2020-64020.0Unknown
CVE-2020-64010.0Unknown
CVE-2020-63900.0Unknown
CVE-2020-64130.0Unknown
CVE-2019-199230.0Unknown
CVE-2020-63990.0Unknown
CVE-2020-63890.0Unknown
CVE-2020-64080.0Unknown
CVE-2020-64050.0Unknown
CVE-2020-64140.0Unknown
CVE-2020-64170.0Unknown
CVE-2020-63940.0Unknown
CVE-2020-63820.0Unknown
CVE-2020-64160.0Unknown
CVE-2020-63870.0Unknown
CVE-2020-63850.0Unknown
CVE-2020-63880.0Unknown
CVE-2020-63960.0Unknown
CVE-2020-63920.0Unknown
CVE-2019-181970.0Unknown
CVE-2020-64030.0Unknown
CVE-2020-64110.0Unknown
CVE-2020-63970.0Unknown
CVE-2020-64040.0Unknown
CVE-2020-64120.0Unknown
CVE-2020-64000.0Unknown
CVE-2020-63980.0Unknown
CVE-2019-199260.0Unknown
CVE-2020-63910.0Unknown
CVE-2020-64100.0Unknown
CVE-2020-63810.0Unknown
CVE-2020-63950.0Unknown
CVE-2020-64150.0Unknown
CVE-2019-199250.0Unknown
CVE-2019-198800.0Unknown