KLA11413
Multiple vulnerabilities in Google Chrome
Updated: 22/05/2020
Date of detection
29/01/2019
Threat level
Critical
Description
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code and bypass security restrictions.

    Below is a complete list of vulnerabilities:

    1. Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
    2. Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
    3. Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
    4. Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
    5. Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    6. Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
    7. Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
    8. Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    9. Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
    10. Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
    11. Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
    12. Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
    13. Incorrect security UI vulnerability in WebAPKs component can be exploited remotely to execute arbitrary code;
    14. Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
    15. Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    16. Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
    17. Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    18. Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
    19. Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
    20. Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
    21. Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
    22. Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
    23. Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code.
Affected products

Google Chrome earlier than 72.0.3626.81

Solution

Update to the latest version
Google Chrome download page

Original advisory
Stable Channel Update for Desktop
Impacts
ACE
DoS
Related products
Google Chrome
CVE-IDS
CVE-2019-5754    0.0    Unknown
CVE-2019-5782    0.0    Unknown
CVE-2019-5755    0.0    Unknown
CVE-2019-5756    0.0    Unknown
CVE-2019-5757    0.0    Unknown
CVE-2019-5758    0.0    Unknown
CVE-2019-5759    0.0    Unknown
CVE-2019-5760    0.0    Unknown
CVE-2019-5761    0.0    Unknown
CVE-2019-5762    0.0    Unknown
CVE-2019-5763    0.0    Unknown
CVE-2019-5764    0.0    Unknown
CVE-2019-5765    0.0    Unknown
CVE-2019-5785    0.0    Unknown
CVE-2019-5766    0.0    Unknown
CVE-2019-5767    0.0    Unknown
CVE-2019-5768    0.0    Unknown
CVE-2019-5769    0.0    Unknown
CVE-2019-5770    0.0    Unknown
CVE-2019-5771    0.0    Unknown
CVE-2019-5772    0.0    Unknown
CVE-2019-5773    0.0    Unknown
CVE-2019-5774    0.0    Unknown
CVE-2019-5775    0.0    Unknown
CVE-2019-5776    0.0    Unknown
CVE-2019-5777    0.0    Unknown
CVE-2019-5778    0.0    Unknown
CVE-2019-5779    0.0    Unknown
CVE-2019-5780    0.0    Unknown
CVE-2019-5783    0.0    Unknown
CVE-2019-5781    0.0    Unknown
CVE-2019-13684    0.0    Unknown
CVE-2018-20073    0.0    Unknown