KLA11413
Multiple vulnerabilities in Google Chrome

Обновлено: 03/06/2020
Дата обнаружения
29/01/2019
Уровень угрозы
Critical
Описание
  1. Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

    Below is a complete list of vulnerabilities:

    1. Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
    2. Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
    3. Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
    4. Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
    5. Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    6. Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
    7. Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
    8. Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    9. Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
    10. Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
    11. Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
    12. Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
    13. Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code;
    14. Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
    15. Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
    16. Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
    17. Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
    18. Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
    19. Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
    20. Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
    21. Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
    22. Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
    23. Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Пораженные продукты

Google Chrome earlier than 72.0.3626.81

Решение

Update to the latest version
Google Chrome download page

Первичный источник обнаружения
Stable Channel Update for Desktop
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
Google Chrome
CVE-IDS
Узнай статистику распространения уязвимостей в твоем регионе