Kaspersky ID:
KLA10962
Дата обнаружения:
17/02/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface and cause a denial of service,bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Inability to prevent alerts from being displayed by swapped out frames can be exploited remotely via a specially designed HTML page to show alerts on a page attackers don’t control and spoof user interface;
  2. Heap corruption vulnerabilities in FFmpeg can be exploited remotely via a specially designed video file possibly to cause a denial of service;
  3. Type confusion vulnerability in Histogram can be exploited remotely via a specially designed HTML page possibly to cause a denial of service;
  4. Improper enforcing of unsafe-inline content security policy in Blink can be exploited remotely via a specially designed HTML page to bypass content security policy.

Technical details

Vulnerability (2) occurs because of incorrect bounds checking.

In case of exploiting vulnerability (3), a near null dereference causes a denial of service.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2017-5022
    warning
  • CVE-2017-5023
    warning
  • CVE-2017-5024
    warning
  • CVE-2017-5025
    warning
  • CVE-2017-5026
    warning
  • CVE-2017-5027
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.