KLA11413
Multiple vulnerabilities in Google Chrome
Обновлено: 26/06/2019
Дата обнаружения
29/01/2019
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
  2. Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
  3. Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
  4. Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
  5. Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
  6. Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
  7. Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
  8. Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
  9. Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
  10. Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
  11. Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
  12. Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
  13. Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code;
  14. Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
  15. Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
  16. Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
  17. Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
  18. Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
  19. Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
  20. Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
  21. Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
  22. Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
  23. Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Пораженные продукты

Google Chrome earlier than 72.0.3626.81

Решение

Update to the latest version
Google Chrome download page

Первичный источник обнаружения
Stable Channel Update for Desktop
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
Google Chrome
CVE-IDS
CVE-2019-57547.5Critical
CVE-2019-57828.8Critical
CVE-2019-57558.1Critical
CVE-2019-57568.8Critical
CVE-2019-57578.8Critical
CVE-2019-57588.8Critical
CVE-2019-57599.6Critical
CVE-2019-57608.8Critical
CVE-2019-57618.8Critical
CVE-2019-57628.8Critical
CVE-2019-57638.8Critical
CVE-2019-57648.8Critical
CVE-2019-57655.5High
CVE-2019-57857.0High
CVE-2019-57666.5High
CVE-2019-57676.5High
CVE-2019-57686.5High
CVE-2019-57698.8Critical
CVE-2019-57708.8Critical
CVE-2019-57718.8Critical
CVE-2019-57728.8Critical
CVE-2019-57736.5High
CVE-2019-57748.8Critical
CVE-2019-57756.5High
CVE-2019-57766.5High
CVE-2019-57776.5High
CVE-2019-57786.5High
CVE-2019-57794.3Warning
CVE-2019-57807.8Critical
CVE-2019-57838.8Critical
CVE-2019-57816.5High