Kaspersky Threats

Дата обнаружения

29/01/2019

Уровень угрозы

Critical

Описание

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:
1. Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code;
2. Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code;
3. Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code;
4. Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code;
5. Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code;
6. Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code;
7. Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code;
8. Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
9. Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code;
10. Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code;
11. Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions;
12. Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code;
13. Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code;
14. Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
15. Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code;
16. Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code;
17. Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code;
18. Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code;
19. Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code;
20. Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code;
21. Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code;
22. Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code;
23. Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;

Пораженные продукты

Google Chrome earlier than 72.0.3626.81

Решение

Update to the latest version
Google Chrome download page

Первичный источник обнаружения

Stable Channel Update for Desktop

Оказываемое влияние

?

ACE

[?]

DoS

[?]

Связанные продукты

Google Chrome

CVE-IDS

Узнай статистику распространения уязвимостей в твоем регионе

Дата обнаружения	29/01/2019
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: Inappropriate implementation vulnerability in QUIC Networking component can be exploited to execute arbitrary code; Inappropriate implementation vulnerability in V8 component can be exploited to execute arbitrary code; Use after free vulnerability in PDFium component can be exploited remotely to execute arbitrary code; Type Confusion vulnerability in SVG component can be exploited remotely to execute arbitrary code; Use after free vulnerability in Blink component can be exploited remotely to execute arbitrary code; Use after free vulnerability in HTML select elements can be exploited remotely to execute arbitrary code; Use after free vulnerability in WebRTC component can be exploited remotely to execute arbitrary code; Use after free vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code; Insufficient validation vulnerability in V8 component can be exploited remotely to execute arbitrary code; Insufficient policy enforcement vulnerability in browser can be exploited remotely to execute arbitrary code; Stack buffer overflow vulnerability in Skia component can be exploited remotely to bypass security restrictions; Insufficient policy enforcement vulnerability in Canvas component can be exploited remotely to execute arbitrary code; Incorrect security vulnerability of UI in WebAPKs component can be exploited remotely to execute arbitrary code; Insufficient policy enforcement vulnerability in DevTools component can be exploited remotely to execute arbitrary code; Insufficient validation of untrusted input vulnerability in Blink component can be exploited remotely to execute arbitrary code; Heap buffer overflow vulnerability in WebGL component can be exploited remotely to execute arbitrary code; Heap buffer overflow vulnerability in SwiftShader component can be exploited remotely to execute arbitrary code; Insufficient data validation vulnerability in IndexedDB component can be exploited remotely to execute arbitrary code; Insufficient validation of untrusted input vulnerability in SafeBrowsing component can be exploited remotely to execute arbitrary code; Insufficient policy enforcement vulnerability in Omnibox component can be exploited remotely to execute arbitrary code; Insufficient policy enforcement vulnerability in Extensions component can be exploited remotely to execute arbitrary code; Insufficient policy enforcement vulnerability in ServiceWorker component can be exploited remotely to execute arbitrary code; Insufficient validation of untrusted input vulnerability in DevTools component can be exploited remotely to execute arbitrary code;
Пораженные продукты	Google Chrome earlier than 72.0.3626.81
Решение	Update to the latest version Google Chrome download page
Первичный источник обнаружения	Stable Channel Update for Desktop
Оказываемое влияние ?	ACE [?] DoS [?]
Связанные продукты	Google Chrome
CVE-IDS	CVE-2019-57544.3Warning CVE-2019-57826.8High CVE-2019-57555.8High CVE-2019-57566.8High CVE-2019-57576.8High CVE-2019-57586.8High CVE-2019-57596.8High CVE-2019-57606.8High CVE-2019-57616.8High CVE-2019-57626.8High CVE-2019-57636.8High CVE-2019-57646.8High CVE-2019-57654.3Warning CVE-2019-57854.3Warning CVE-2019-57664.3Warning CVE-2019-57674.3Warning CVE-2019-57684.3Warning CVE-2019-57696.8High CVE-2019-57706.8High CVE-2019-57716.8High CVE-2019-57726.8High CVE-2019-57734.3Warning CVE-2019-57746.8High CVE-2019-57754.3Warning CVE-2019-57764.3Warning CVE-2019-57774.3Warning CVE-2019-57784.3Warning CVE-2019-57794.3Warning CVE-2019-57804.6Warning CVE-2019-57836.8High CVE-2019-57814.3Warning CVE-2019-136842.6Warning CVE-2018-200732.1Warning
	Узнай статистику распространения уязвимостей в твоем регионе

KLA11413Multiple vulnerabilities in Google Chrome

KLA11413
Multiple vulnerabilities in Google Chrome