Kaspersky ID:
KLA11079
Дата обнаружения:
25/07/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A use-after-free in IndexedDB can be exploited remotely possibly to execute arbitrary code;
  2. A use-after-free in PPAPI can be exploited remotely possibly to execute arbitrary code;
  3. An unspecified vulnerability in Blink can be exploited remotely to spoof user interface;
  4. A type confusion vulnerability in extensions can be exploited remotely possibly to execute arbitrary code;
  5. An out-of-bounds write in PDFium can be exploited remotely possibly to execute arbitrary code or cause a denial of service;
  6. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
  7. An out-of-bounds read in Skia can be exploited remotely possibly to execute arbitrary code or cause a denial of service;
  8. A use-after-free vulnerability in V8 can be exploited remotely possibly to execute arbitrary code;
  9. An out-of-bounds write in PPAPI can be exploited remotely possibly to execute arbitrary code;
  10. A use-after-free vulnerability in Chrome Apps can be exploited remotely possibly to cause denial of service;
  11. Multiple unspecified vulnerabilities in OmniBox can be exploited to spoof user interface (URLs);
  12. Multiple vulnerabilities related to uninitialized use in Skia can be exploited remotely possibly to cause denial of service or another unspecified impact;
  13. Multiple unspecified vulnerabilities in browser can be exploited remotely to spoof user interface;
  14. A pointer disclosure vulnerability in SQLite can be exploited remotely to execute arbitrary code;
  15. An unspecified vulnerability in the SVG component can be exploited remotely to obtain sensitive information or have another unspecified impact;
  16. A type confusion vulnerability in PDFium can be exploited to possibly to have an unspecified impact;
  17. An unspecified vulnerability in Payments dialog can be exploited to spoof user interface.

Technical details

Vulnerability (6) is related to Android intents.

NB: Not every vulnerability already have CVSS rating so cumulative CVSS rating can be not representative.

NB: At this moment Google just reserved CVE numbers for this vulnerabilities. Information can be changed soon.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2017-5108
    high
  • CVE-2017-5109
    warning
  • CVE-2017-5110
    warning
  • CVE-2017-5091
    high
  • CVE-2017-5092
    high
  • CVE-2017-5093
    warning
  • CVE-2017-5094
    warning
  • CVE-2017-5095
    high
  • CVE-2017-5096
    warning
  • CVE-2017-5097
    high
  • CVE-2017-5098
    high
  • CVE-2017-5099
    high
  • CVE-2017-5100
    high
  • CVE-2017-5101
    warning
  • CVE-2017-5102
    warning
  • CVE-2017-5103
    warning
  • CVE-2017-5104
    warning
  • CVE-2017-5105
    warning
  • CVE-2017-5106
    warning
  • CVE-2017-5107
    warning
  • CVE-2017-6991
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.