Multiple vulnerabilities in Google Chrome

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, spoof user interface, execute arbitrary code, escalate privileges, obtain sensitive information and perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

1. A use after free in IndexedDB component can be exploited remotely by an unauthenticated attacker to cause denial of service;
2. Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
3. Inappropriate implementation in modal dialog handling in Blink component can be exploited remotely by an unauthenticated attacker to spoof user interface;
4. Type confusion in extensions JavaScript can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
5. Stack overflow in PDFium component can be exploited remotely by an unauthenticated attacker to execute arbitrary code;
6. Insufficient policy enforcement during navigation can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
7. Insufficient validation of untrusted input in Skia component can be exploited remotely by an unauthenticated attacker to cause denial of service;
8. A use after free in V8 component can be exploited remotely by an unauthenticated attacker to cause denial of service;
9. Insufficient validation of untrusted input in PPAPI Plugins component can be exploited remotely by an unauthenticated attacker to escalate privilege;
10. A use after free in Apps component can be exploited remotely by an unauthenticated attacker to cause denial of service;
11. Inappropriate implementation in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
12. Use of an uninitialized value in Skia component can be exploited remotely by an unauthenticated attacker to obtain sensitive information;
13. Inappropriate implementation in interstitials can be exploited remotely by an unauthenticated attacker to spoof user interface;
14. Insufficient Policy Enforcement in Omnibox component can be exploited remotely by an unauthenticated attacker to spoof user interface;
15. A timing attack in SVG rendering can be exploited remotely by an unauthenticated attacker to perform a universal cross-site scripting attack;
16. Type confusion in PDFium component can be exploited remotely by an unauthenticated attacker to bypass security restrictions;
17. Inappropriate implementation of unload handler handling in permission prompts can be exploited remotely by an unauthenticated attacker to spoof user interface;
18. Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments component can be exploited remotely by an unauthenticated attacker to spoof user interface;

---

Technical details

NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.

Первичный источник обнаружения

• Stable Channel Update for Desktop
  

Связанные продукты

• Google-Chrome

Список CVE

• CVE-2017-5108
  high
• CVE-2017-5109
  warning
• CVE-2017-5110
  warning
• CVE-2017-5091
  high
• CVE-2017-5092
  high
• CVE-2017-5093
  warning
• CVE-2017-5094
  warning
• CVE-2017-5095
  high
• CVE-2017-5096
  warning
• CVE-2017-5097
  high
• CVE-2017-5098
  high
• CVE-2017-5099
  high
• CVE-2017-5100
  high
• CVE-2017-5101
  warning
• CVE-2017-5102
  warning
• CVE-2017-5103
  warning
• CVE-2017-5104
  warning
• CVE-2017-5105
  warning
• CVE-2017-5106
  warning
• CVE-2017-5107
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com