Description
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
- Use-after-free vulnerability in ServiceWorker can be exploited remotely via specially designed website to execute arbitrary code
- Incorrectly credentialed requests in CORS can be exploited remotely to obtain sensitive information
- Incorrect map processing in V8 core can be exploited remotely via specially designed website to bypass security restrictions
- Incorrect CORS handling in XHR can be exploited remotely via specially designed website to cause denial of service
- Inconsistent security UI placement in Google Chrome can be exploited remotely to obtain sensitive information
- URL spoofing in Omnibox on iOS can be exploited remotely to obtain sensitive information
- Out of bounds reading in Swiftshader can be exploited remotely via specially designed website to cause denial of service
- Heap buffer overflow in Angle can be exploited remotely via specially designed website to cause denial of service
- Cross-origin resources size disclosure in Appcache of Google Chrome can be exploited remotely to obtain sensitive information
- Overly permissive tab access in Extensions of Google Chrome can be exploited remotely to obtain sensitive information
- Incorrect handling of certain code points in Blink can be exploited remotely via specially designed website to cause denial of service
- Popup blocker bypass vulnerability in Google Chrome can be exploited remotely via specially designed website to bypass security restrictions
- Out of bounds reading in Skia can be exploited remotely to cause denial of service
Fiches de renseignement originales
Exploitation
Public exploits exist for this vulnerability.
Produits associés
- Google-Chrome
- Google-Chrome-Enterprise-for-current-user
- Google-Chrome-for-KIS
- Google-Chrome-for-current-user
Liste CVE
- CVE-2019-5828 critical
- CVE-2019-5829 critical
- CVE-2019-5830 high
- CVE-2019-5831 critical
- CVE-2019-5832 high
- CVE-2019-5833 warning
- CVE-2019-5834 high
- CVE-2019-5835 high
- CVE-2019-5836 critical
- CVE-2019-5837 high
- CVE-2019-5838 warning
- CVE-2019-5839 warning
- CVE-2019-5840 warning
- CVE-2019-5849 critical
En savoir plus
Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !