Kaspersky Threats

Описание

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code;
Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Use after free vulnerability in FileAPI component can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

Stable Channel Update for Desktop

Связанные продукты

Google-Chrome

Список CVE

CVE-2019-5754
warning
CVE-2019-5782
high
CVE-2019-5755
high
CVE-2019-5756
high
CVE-2019-5757
high
CVE-2019-5758
high
CVE-2019-5759
high
CVE-2019-5760
high
CVE-2019-5761
high
CVE-2019-5762
high
CVE-2019-5763
high
CVE-2019-5764
high
CVE-2019-5765
warning
CVE-2019-5785
warning
CVE-2019-5766
warning
CVE-2019-5767
warning
CVE-2019-5768
warning
CVE-2019-5769
high
CVE-2019-5770
high
CVE-2019-5771
high
CVE-2019-5772
high
CVE-2019-5773
warning
CVE-2019-5774
high
CVE-2019-5775
warning
CVE-2019-5776
warning
CVE-2019-5777
warning
CVE-2019-5778
warning
CVE-2019-5779
warning
CVE-2019-5780
warning
CVE-2019-5783
high
CVE-2019-5781
warning
CVE-2019-13684
warning
CVE-2018-20073
warning
CVE-2019-13768
warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!