KLA11869
Multiple vulnerabilities in Google Chrome
Updated: 07/17/2020
Detect date
07/14/2020
Severity
Critical
Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Incorrect security UI vulnerability in PWAs can be exploited to obtain sensitive information.
  2. Inappropriate implementation vulnerability in WebRTC can be exploited to potentially cause denial of service.
  3. Use after free vulnerability in developer tools can be exploited to potentially cause denial of service and bypass security restrictions.
  4. Heap buffer overflow vulnerability in Skia can be exploited to potentially cause denial of service and bypass security restrictions.
  5. Heap buffer overflow vulnerability in Skia can be exploited to potentially cause denial of service and bypass security restrictions.
  6. Inappropriate implementation vulnerability in external protocol handlers can be exploited to potentially cause denial of service.
  7. Incorrect security UI vulnerability in basic auth can be exploited to obtain sensitive information.
  8. Side-channel information leakage vulnerability in scroll to text can be exploited to obtain sensitive information.
  9. Out of bounds write vulnerability in Skia can be exploited to potentially cause denial of service and bypass security restrictions.
  10. Out of bounds vulnerability in developer tools can be exploited to potentially cause denial of service.
  11. Heap buffer overflow vulnerability in background fetch can be exploited to potentially cause denial of service and bypass security restrictions.
  12. Use after free vulnerability in tab strip can be exploited to potentially cause denial of service.
  13. Side-channel information leakage vulnerability in content security policy can be exploited to obtain sensitive information.
  14. Type confusion vulnerability in V8 can be exploited to potentially cause denial of service.
  15. Policy bypass vulnerability in CORS can be exploited to bypass security restrictions.
  16. Insufficient policy enforcement vulnerability in CSP can be exploited to bypass security restrictions.
  17. Policy bypass vulnerability in CSP can be exploited to bypass security restrictions.
  18. Heap buffer overflow vulnerability in WebAudio can be exploited to potentially cause denial of service.
  19. Inappropriate implementation vulnerability in iframe sandbox can be exploited to potentially cause denial of service.
  20. Heap buffer overflow vulnerability in WebRTC can be exploited to potentially cause denial of service.
  21. Insufficient data validation vulnerability in WebUI can be exploited to potentially cause denial of service.
  22. Heap buffer overflow vulnerability in history can be exploited to potentially cause denial of service.
  23. Side-channel information leakage vulnerability in autofill can be exploited to obtain sensitive information.
  24. Inappropriate implementation vulnerability in WebRTC can be exploited to potentially cause denial of service.
  25. Heap buffer overflow vulnerability in PDFium can be exploited to potentially cause denial of service.

Affected products

Google Chrome earlier than 84.0.4147.89

Solution

Update to the latest version
Download Google Chrome

Original advisories

Stable Channel Update for Desktop

Impacts
OSI
DoS
SB

Related products
Google Chrome
CVE-IDS
CVE-2020-6536 0.0 Unknown
CVE-2020-6529 0.0 Unknown
CVE-2020-6518 0.0 Unknown
CVE-2020-6520 0.0 Unknown
CVE-2020-6525 0.0 Unknown
CVE-2020-6522 0.0 Unknown
CVE-2020-6528 0.0 Unknown
CVE-2020-6531 0.0 Unknown
CVE-2020-6523 0.0 Unknown
CVE-2020-6530 0.0 Unknown
CVE-2020-6510 0.0 Unknown
CVE-2020-6515 0.0 Unknown
CVE-2020-6511 0.0 Unknown
CVE-2020-6533 0.0 Unknown
CVE-2020-6516 0.0 Unknown
CVE-2020-6527 0.0 Unknown
CVE-2020-6519 0.0 Unknown
CVE-2020-6524 0.0 Unknown
CVE-2020-6526 0.0 Unknown
CVE-2020-6534 0.0 Unknown
CVE-2020-6512 0.0 Unknown
CVE-2020-6535 0.0 Unknown
CVE-2020-6517 0.0 Unknown
CVE-2020-6521 0.0 Unknown
CVE-2020-6514 0.0 Unknown
CVE-2020-6513 0.0 Unknown