Kaspersky ID:
KLA11298
Дата обнаружения:
24/07/2018
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, gain privileges, write local files and obtain sensitive information. Below is a complete list of vulnerabilities:

A stack buffer overflow vulnerability in Skia can be exploited remotely to execute arbitrary code and cause denial of service;
Multiple heap buffer overflow vulnerabilities in WebGL can be exploited remotely to execute arbitrary code and cause denial of service;
A use after free vulnerability in WebRTC can be exploited remotely to execute arbitrary code;
A heap buffer overflow vulnerability in WebRTC can be exploited remotely to execute arbitrary code and cause denial of service;
A use after free vulnerability in Blink can be exploited remotely to execute arbitrary code;
Multiple same origin policy bypass vulnerabilities in ServiceWorker can be exploited remotely to bypass security restrictions;
A same origin policy bypass vulnerability in WebAudio can be exploited remotely to bypass security restrictions;
Multiple URL spoof vulnerabilities in Omnibox can be exploited remotely to spoof user interface;
A CORS bypass vulnerabilities in Blink can be exploited remotely to bypass security restrictions;
A permission bypass vulnerability in extension installation can be exploited remotely to bypass security restrictions;
A type confusion vulnerability in PDFium can be exploited remotely to execute arbitrary code;
A use after free vulnerability in WebBluetooth can be exploited remotely to execute arbitrary code;
A integer overflow vulnerability in SwiftShader can be exploited remotely to cause denial of service;
An unspecified vulnerability in Extensions can be exploited remotely to gain privileges;
Multiple cross origin information leak vulnerabilities in Blink can be exploited remotely to obtain sensitive information;
A UI spoof vulnerability in Extensions can be exploited remotely to spoof user interface;
A local file information leak vulnerability in Extensions can be exploited remotely to obtain sensitive information;
A request privilege escalation vulnerability in Extensions can be exploited remotely to gain privileges;
A cross origin information disclosure in Service Workers can be exploited remotely to obtain sensitive information;
A local file write in DevTools can be exploited locally to write local files.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2018-4117
    warning
  • CVE-2018-6169
    warning
  • CVE-2018-6170
    high
  • CVE-2018-6171
    warning
  • CVE-2018-6172
    warning
  • CVE-2018-6173
    warning
  • CVE-2018-6174
    high
  • CVE-2018-6175
    warning
  • CVE-2018-6176
    warning
  • CVE-2018-6177
    warning
  • CVE-2018-6178
    warning
  • CVE-2018-6179
    warning
  • CVE-2018-6044
    warning
  • CVE-2018-6150
    warning
  • CVE-2018-6151
    high
  • CVE-2018-6152
    high
  • CVE-2018-6153
    high
  • CVE-2018-6154
    high
  • CVE-2018-6155
    warning
  • CVE-2018-6156
    high
  • CVE-2018-6157
    high
  • CVE-2018-6158
    high
  • CVE-2018-6159
    warning
  • CVE-2018-6161
    high
  • CVE-2018-6162
    high
  • CVE-2018-6163
    warning
  • CVE-2018-6164
    warning
  • CVE-2018-6165
    warning
  • CVE-2018-6166
    warning
  • CVE-2018-6167
    warning
  • CVE-2018-6168
    warning
  • CVE-2018-6160
    warning
  • CVE-2018-17460
    warning
  • CVE-2018-17461
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.