Описание
Multiple serious vulnerabilities have been found in Google Chrome earlier than 58.0.3029.81. Malicious users can exploit these vulnerabilities to execute arbitrary code and spoof user interface.
Below is a complete list of vulnerabilities:
- Type confusion in the PDFium component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A use after free in the PrintPreview component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Type confusion in the Blink component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
- Insufficient Policy Enforcement in Omnibox component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- A race condition in navigation can be exploited remotely by an unauthenticated attacker to spoof user interface;
- A use after free in Chrome Apps can be exploited remotely by an unauthenticated attacker to cause denial of service;
- A numeric overflow in the Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Incorrect handling of DOM changes in Blink component can be exploited remotely by an unauthenticated attacker to cause denial of service;
- Lack of an appropriate action on page navigation in Blink component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- Insufficient consistency checks in signature handling in the networking stack can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
- An insufficient watchdog timer in navigation can be exploited remotely by an unauthenticated attacker to spoof user interface;
- Incorrect MIME type of XSS-Protection reports in Blink component can be exploited remotely by an unauthenticated attacker to escalate of privilege;
Technical details
NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2017-5057 high
- CVE-2017-5058 high
- CVE-2017-5059 high
- CVE-2017-5060 warning
- CVE-2017-5061 warning
- CVE-2017-5062 high
- CVE-2017-5063 high
- CVE-2017-5064 high
- CVE-2017-5065 warning
- CVE-2017-5066 warning
- CVE-2017-5067 warning
- CVE-2017-5068 high
- CVE-2017-5069 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!