Kaspersky ID:
KLA11129
Дата обнаружения:
25/07/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, spoof user interface, execute arbitrary code, escalate privileges, obtain sensitive information and perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A use after free in IndexedDB component can be exploited remotely by an unauthenticated attacker to cause denial of service;
  2. Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
  3. Inappropriate implementation in modal dialog handling in Blink component can be exploited remotely by an unauthenticated attacker to spoof user interface;
  4. Type confusion in extensions JavaScript can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
  5. Stack overflow in PDFium component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
  6. Insufficient policy enforcement during navigation can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
  7. Insufficient validation of untrusted input in Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
  8. A use after free in V8 component can be exploited remotely by an unauthenticated attacker to cause denial of service;
  9. Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to escalate privilege;
  10. A use after free in Apps component can be exploited remotely by an unauthenticated attacker to cause denial of service;
  11. Inappropriate implementation in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
  12. Use of an uninitialized value in Skia component can be exploited remotely by an unauthenticated attacker to obtain sensitive information;
  13. Inappropriate implementation in interstitials can be exploited remotely by an unauthenticated attacker to spoof user interface;
  14. Insufficient Policy Enforcement in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
  15. A timing attack in SVG rendering can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
  16. Type confusion in PDFium component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
  17. Inappropriate implementation of unload handler handling in permission prompts can be exploited remotely by an unauthenticated attacker to spoof user interface;
  18. Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments component can be exploited remotely by an unauthenticated attacker to spoof user interface;

Technical details

NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2017-5108
    high
  • CVE-2017-5109
    warning
  • CVE-2017-5110
    warning
  • CVE-2017-5091
    high
  • CVE-2017-5092
    high
  • CVE-2017-5093
    warning
  • CVE-2017-5094
    warning
  • CVE-2017-5095
    high
  • CVE-2017-5096
    warning
  • CVE-2017-5097
    high
  • CVE-2017-5098
    high
  • CVE-2017-5099
    high
  • CVE-2017-5100
    high
  • CVE-2017-5101
    warning
  • CVE-2017-5102
    warning
  • CVE-2017-5103
    warning
  • CVE-2017-5104
    warning
  • CVE-2017-5105
    warning
  • CVE-2017-5106
    warning
  • CVE-2017-5107
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.