Kaspersky ID:
KLA11257
Дата обнаружения:
29/05/2018
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to execute arbitrary code, cause denial of service, perform cross-site scripting attacks, obtain sensitive information, spoof user interface, bypass security restrictions and perform unspecified attacks.

Below is a complete list of vulnerabilities:

  1. An use after free vulnerability in Blink can be exploited remotely to execute arbitrary code;
  2. A type confusion vulnerability in Blink can be exploited remotely to execute arbitrary code;
  3. An overly permissive policy in WebUSB can be exploited remotely to perform unspecified attacks;
  4. Multiple heap buffer overflow vulnerabilities in Skia can be exploited remotely to cause denial of service;
  5. An use after free vulnerability in indexedDB can be exploited remotely to cause denial of service;
  6. An uXSS vulnerability in Chrome for iOS can be exploited remotely to perform cross-site scripting attacks;
  7. Multiple out-of-bounds memory access vulnerabilities in WebRTC can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
  8. An incorrect mutability protection in WebAssembly can be exploited remotely possibly to obtain sensitive information;
  9. An use of uninitialized memory vulnerability in WebRTC can be exploited remotely to cause denial of service;
  10. An URL spoof vulnerability in Omnibox can be exploited remotely to spoof user interface;
  11. A referrer policy bypass in Blink can be exploited remotely to bypass security restrictions;
  12. An UI spoofing vulnerability in Blink can be exploited remotely to spoof user interface;
  13. Multiple out-of-bounds memory access vulnerabilities in V8 can be exploited remotely possibly to obtain sensitive information, cause denial of service or execute arbitrary code;
  14. A leak of visited status of page in Blink can be exploited remotely to obtain sensitive information;
  15. An overly permissive policy in Extentions can be exploited remotely to perform unspecified attacks;
  16. Multiple restrictions bypass vulnerabilities in the debugger can be exploited remotely to bypass security restrictions;
  17. An out-of-bounds memory access vulnerability in PDFium can be exploited remotely to cause denial of service;
  18. An incorrect escaping of MathML in Blink can be exploited remotely to cause denial of service;

NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.

NB: At this moment Google has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2018-6123
    warning
  • CVE-2018-6124
    high
  • CVE-2018-6125
    unknown
  • CVE-2018-6126
    high
  • CVE-2018-6127
    high
  • CVE-2018-6128
    warning
  • CVE-2018-6129
    warning
  • CVE-2018-6130
    warning
  • CVE-2018-6131
    high
  • CVE-2018-6132
    warning
  • CVE-2018-6133
    warning
  • CVE-2018-6134
    warning
  • CVE-2018-6135
    warning
  • CVE-2018-6136
    warning
  • CVE-2018-6137
    warning
  • CVE-2018-6138
    high
  • CVE-2018-6139
    high
  • CVE-2018-6140
    critical
  • CVE-2018-6141
    high
  • CVE-2018-6142
    warning
  • CVE-2018-6143
    warning
  • CVE-2018-6144
    high
  • CVE-2018-6145
    warning
  • CVE-2018-6147
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.