Продукты:
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Уязвимости Угрозы
Главная Уязвимости

Multiple vulnerabilities in Google Chrome

Kaspersky ID:
KLA11204
Дата обнаружения:
06/03/2018
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to cause denial of service or spoof user interface.

Below is a complete list of vulnerabilities:

  1. Incorrect processing of AppMenifests can be exploited remotely to perform unspecified attacks;
  2. An unspecified vulnerability can be exploited remotely via specially crafted web page to bypass security restrictions;
  3. Incorrect validation of submissions to Interstitials can be exploited remotely via specially crafted web page to perform cross-site scripting attacks;
  4. Improper processing of inter-process communication (IPC) calls can be exploited remotely via specially crafted web page to obtain sensitive information;
  5. Improper texture data processing in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
  6. A vulnerability in OmniBox can be exploited remotely via specially crafted web page to spoof user interface;
  7. An unspecified vulnerability can be exploited remotely via SVG filters to provide timing attack to obtain sensitive information;
  8. Improper processing of URL fragment identifiers in Blink can be exploited remotely to spoof user interface;
  9. Insufficient access restrictions can be exploited remotely to bypass security restrictions;
  10. A vulnerability in the Mark-of-the-Web (MOTW) protection mechanism can be exploited remotely via specially crafted web page to bypass security restrictions;
  11. A heap buffer overflow vulnerability in WebGL can be exploited remotely via specially crafted web page to obtain sensitive information;
  12. An incorrect memory management in PDFium can be exploited remotely via specially crafted PDF file to cause denial of service;
  13. A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
  14. Multiple unspecified vulnerabilities can be exploited remotely via specially crafted web page to bypass security restrictions;
  15. A stack buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to obtain sensitive information;
  16. An unspecified vulnerability can be exploited remotely via specially crafted web page to obtain sensitive information;
  17. A buffer overflow vulnerability in Skia can be exploited remotely to obtain sensitive information;
  18. An integer overflow vulnerability in V8 can be exploited remotely via specially crafted web page to execute arbitrary code;
  19. A type confusion vulnerability in V8 can be exploited remotely to execute arbitrary code;
  20. A heap buffer overflow vulnerability in Skia can be exploited remotely via specially crafted web page to execute arbitrary code;
  21. A race condition vulnerability in V8 can be exploited remotely to execute arbitrary code;
  22. An use after free vulnerability in Blink can be exploited remotely via specially crafted web page to execute arbitrary code;
  23. Multiple use after free vulnerabilities can be exploited remotely via specially crafted web page to execute arbitrary code;
  24. Multiple incorrect sharing memory restrictions can be exploited remotely via specially crafted web page to execute arbitrary code;

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2017-11215
    critical
  • CVE-2017-11225
    critical
  • CVE-2018-6058
    warning
  • CVE-2018-6059
    warning
  • CVE-2018-6060
    high
  • CVE-2018-6061
    high
  • CVE-2018-6062
    high
  • CVE-2018-6057
    high
  • CVE-2018-6063
    high
  • CVE-2018-6064
    high
  • CVE-2018-6065
    high
  • CVE-2018-6066
    warning
  • CVE-2018-6067
    high
  • CVE-2018-6068
    warning
  • CVE-2018-6069
    warning
  • CVE-2018-6070
    warning
  • CVE-2018-6071
    high
  • CVE-2018-6072
    high
  • CVE-2018-6073
    high
  • CVE-2018-6074
    high
  • CVE-2018-6075
    warning
  • CVE-2018-6076
    warning
  • CVE-2018-6077
    warning
  • CVE-2018-6078
    warning
  • CVE-2018-6079
    warning
  • CVE-2018-6080
    warning
  • CVE-2018-6081
    warning
  • CVE-2018-6082
    warning
  • CVE-2018-6083
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Related articles
10 July 2025
Securelist
Подсветка кода в Cursor AI за 500 000 долларов
08 July 2025
Securelist
Подход к тестированию на проникновение мейнфреймов на базе z/OS. Погружение в RACF
07 July 2025
Securelist
Шпион Batavia крадет данные российских организаций
25 June 2025
Securelist
ИИ и инструменты совместной работы: отчет об угрозах для малого и среднего бизнеса в 2025 году
23 June 2025
Securelist
SparkKitty, младший брат SparkCat: новый шпион в App Store и Google Play
11 June 2025
Securelist
Токсичная тенденция: очередной зловред маскируется под DeepSeek
Нашли неточность в описании этой уязвимости?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Нашли новую угрозу или уязвимость?
Если вы нашли новую угрозу или уязвимость, пожалуйста дайте нам знать по электронной почте:
newvirus@kaspersky.com
Продукты
Для дома
Для малого бизнеса
Для среднего бизнеса
Для крупного бизнеса
Select language
Sorting
Kaspersky ID
Уязвимость
Detect date
Уровень угрозы
Confirm changes?
Your message has been sent successfully.