Kaspersky ID:
KLA10865
Дата обнаружения:
31/08/2016
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions or inject arbitrary code.

Below is a complete list of vulnerabilities

  1. An improper values validation at Skia can be exploited remotely via a specially designed graphics data to cause denial of service or possibly have another unknown impact;
  2. Lack of download URL restrictions can be exploited remotely via a specially designed web content to obtain sensitive information;
  3. XSS vulnerabilities at DevTools and Blink can be exploited remotely via a specially designed content to inject arbitrary script;
  4. Lack of URL rendering restrictions can be exploited remotely via a specially designed URL to spoof user interface;
  5. An improper extensions manifest usage can be exploited remotely via clickjacking to spoof user interface;
  6. An improper custom properties handling can be exploited remotely via a specially designed content to cause denial of service or possibly have another unknown impact;
  7. Multiple integer overflows at PDFium can be exploited remotely via a specially designed JPEG 2000 data to cause denial of service or possibly have another unknown impact;
  8. Heap buffer overflow vulnerability at PDFium can be exploited remotely via a specially designed JPEG 2000 data to execute arbitrary code;
  9. An improper filtered events processing can be exploited remotely to cause denial of service or conduct another unknown impact;
  10. Lack of initial document access restrictions can be exploited remotely via a specially designed web site to spoof user interface;
  11. Multiple heap buffer overflows in PDFium can be exploited remotely via a specially designed JBig2 image to cause denial of service or possibly conduct another unknown impact;
  12. An improper list iteration at Blink can be exploited remotely via a specially designed web site to cause denial of service or conduct another unknown impact;
  13. An integer overflow vulnerability at OpenJPEG can be exploited remotely via a specially designed JPEG2000 data to cause denial of service or conduct another unknown impact;
  14. An improper timers handling at PDFium can be exploited remotely via a specially designed PDF document to cause denial of service or conduct another unknown impact;
  15. Lack of key-path evaluation restrictions at Blink can be exploited remotely via a specially designed JavaScript to cause denial of service or conduct another unknown impact;
  16. An improper IFRAME URL handling can be exploited remotely via a specially designed web resource to manipulate user extensions;
  17. XSS vulnerability at Blink can be exploited remotely via vectors related to widgets updates to inject arbitrary code;
  18. An improper handling of deferred page loading at Blink can be exploited remotely via a specially designed content to injcet arbitrary code.

Technical details

Vulnerability (1) related to SkPath.cpp which does not properly validate the return values of ChopMonoAtY calls.

Vulnerability (2) caused by lack of restrictions on saving a file:// URL that is referenced by an http:// URL. This vulnerability can lead to discovering NetNTLM hashes and SMB relay attacks and can be exploited via a specially designed web page with «Save page as» menu.

Vulnerability (3) can be exploited via the settings parameter in a chrome-devtools-frontend.appspot.com URL’s query string.

Vulnerability (4) related to bidirectional-text implementation which does not ensure left-to-right (LTR) rendering of URLs. Thiw vulnerability can be exploited via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.

Vulnerability (5) related to AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc which does not properly use an extension’s manifest.json web_accessible_resources field for restrictions on IFRAME elements.

Vulnerability (6) related to EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp.

Vulnerability (7) related to opj_aligned_malloc calls in dwt.c and t1.c at OpenJPEG.

Vulnerability (8) related to opj_dwt_interleave_v function in dwt.c.

Vulnerability (9) related to extensions/renderer/event_bindings.cc in the event bindings which attempts to process filtered events after failure to add an event matcher.

Vulnerability (10) can be exploited to spoof address bar.

Vulnerability (12) related to Web Animations implementation.

Vulnerability (13) related to opj_tcd_get_decoded_tile_size function in tcd.c.

Vulnerability (14) related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.

Vulnerability (15) related to WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp which has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation.

Vulnerability (16) related to extensions subsystem which relies on an IFRAME source URL to identify an associated extension. This vulnerability can be exploited by leveraging script access to a resource that initially has the about:blank URL.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2016-7395
    high
  • CVE-2016-5167
    critical
  • CVE-2016-5166
    warning
  • CVE-2016-5165
    warning
  • CVE-2016-5164
    warning
  • CVE-2016-5163
    warning
  • CVE-2016-5162
    warning
  • CVE-2016-5161
    high
  • CVE-2016-5160
    warning
  • CVE-2016-5159
    high
  • CVE-2016-5158
    high
  • CVE-2016-5157
    high
  • CVE-2016-5156
    high
  • CVE-2016-5155
    warning
  • CVE-2016-5154
    high
  • CVE-2016-5153
    high
  • CVE-2016-5152
    high
  • CVE-2016-5151
    high
  • CVE-2016-5150
    high
  • CVE-2016-5149
    high
  • CVE-2016-5148
    warning
  • CVE-2016-5147
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.