Описание
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface, gain privileges, execute arbitrary code and perform unspecified attacks.
Below is a complete list of vulnerabilities:
- Multiple use-after-free vulnerabilities in Disk Cache can be exploited remotely possibly to execute arbitrary code;
- An use-after-free vulnerability in WebAssembly can be exploited remotely possibly to execute arbitrary code;
- An use-after-free vulnerability in PDFium can be exploited remotely possibly to execute arbitrary code;
- Multiple same origin bypass vulnerabilities in Service Worker can be exploited remotely to bypass security restrictions;
- A heap buffer overflow vulnerability in Skia can be exploited remotely to cause denial of service;
- An incorrect handling of plug-ins by Service Worker can be exploited remotely to perform unspecified attack;
- An integer overflow in WebAssembly can be exploited remotely to cause denial of service;
- An exploit hardening regression vulnerability in Oilpan can be exploited remotely to perform unspecified attacks;
- A lack of meaningful user interaction requirement before file upload can be exploited remotely to obtain sensitive information;
- Multiple fullscreen UI spoof vulnerabilities can be exploited remotely to spoof user interface;
- Multiple URL spoof vulnerabilities in Omnibox can be exploited remotely to spoof user interface;
- A CORS bypass in ServiceWorker can be exploited remotely to bypass security restrictions;
- An insufficient protection of remote debugging prototol in DevTools can be exploited remotely to perform unspecified attacks;
- An UI spoof vulnerability in Permissions can be exploited remotely to spoof user interface;
- An incorrect handling of promises in V8 can be exploited remotely possibly to gain privileges;
- An incorrect handling of files by FileAPI can be exploited remotely possibly to execute arbitrary code;
- Incorrect handling of plaintext files can be exploited remotely via file:// possibly to cause denial of service;
- A heap-use-after-free vulnerability in DevTools can be exploited remotely possibly to execute arbitrary code;
- An incorrect URL handling in DevTools can be exploited remotely possibly to cause denial of service;
- An URL spoof vulnerability in Navigation can be exploited remotely to spoof user interface;
- A CSP bypass vulnerability can be exploited remotely to bypass security restrictions;
- A SmartScreen bypass vulnerability in downloads can be exploited remotely possibly to execute arbitrary code;
- An incorrect low memory handling in WebAssembly can be exploited remotely possibly to cause denial of service and execute arbitrary code;
- A confusing autofill settings can be exploited remotely possibly to obtain sensitive information or cause denial of service;
- An incorrect use of Distributed Objects in Google Software Updater on MacOS can be exploited remotely to perform unspecified attacks.
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2018-6085 high
- CVE-2018-6086 high
- CVE-2018-6087 high
- CVE-2018-6088 high
- CVE-2018-6089 warning
- CVE-2018-6090 high
- CVE-2018-6091 warning
- CVE-2018-6092 high
- CVE-2018-6093 warning
- CVE-2018-6094 high
- CVE-2018-6095 warning
- CVE-2018-6096 warning
- CVE-2018-6097 warning
- CVE-2018-6098 warning
- CVE-2018-6099 warning
- CVE-2018-6100 warning
- CVE-2018-6101 high
- CVE-2018-6102 warning
- CVE-2018-6103 warning
- CVE-2018-6104 warning
- CVE-2018-6105 warning
- CVE-2018-6106 high
- CVE-2018-6107 warning
- CVE-2018-6108 warning
- CVE-2018-6109 warning
- CVE-2018-6110 high
- CVE-2018-6111 high
- CVE-2018-6112 warning
- CVE-2018-6113 warning
- CVE-2018-6114 warning
- CVE-2018-6115 warning
- CVE-2018-6116 warning
- CVE-2018-6117 warning
- CVE-2018-6084 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!