Kaspersky Threats

Дата обнаружения

14/07/2020

Уровень угрозы

Critical

Описание

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

Incorrect security UI vulnerability in PWAs can be exploited to obtain sensitive information.
Inappropriate implementation vulnerability in WebRTC can be exploited to potentially denial of service.
Use after free vulnerability in developer tools can be exploited to potentially denial of service and bypass security restrictions.
Heap buffer overflow vulnerability in Skia can be exploited to potentially denial of service and bypass security restrictions.
Heap buffer overflow vulnerability in Skiacan can be exploited to potentially denial of service and bypass security restrictions.
Inappropriate implementation vulnerability in external protocol handlers can be exploited to potentially denial of service.
Incorrect security UI vulnerability in basic auth can be exploited to obtain sensitive information.
Side-channel information leakage vulnerability in scroll to text can be exploited to obtain sensitive information.
Out of bounds write vulnerability in Skia can be exploited to potentially denial of service and bypass security restrictions.
Out of bounds vulnerability in developer tools can be exploited to potentially denial of service.
Heap buffer overflow vulnerability in background fetch can be exploited to potentially denial of service and bypass security restrictions.
Use after free vulnerability in tab strip can be exploited to potentially denial of service.
Side-channel information leakage vulnerability in content security policy can be exploited to obtain sensitive information.
Type Confusion vulnerability in V8 can be exploited to potentially denial of service.
Policy bypass vulnerability in CORS can be exploited to security bypass.
Insufficient policy enforcement vulnerability in CSP can be exploited to security bypass.
Policy bypass vulnerability in CSP can be exploited to security bypass.
Heap buffer overflow vulnerability in WebAudi can be exploited to potentially denial of service.
Inappropriate implementation vulnerability in iframe sandbox can be exploited to potentially denial of service.
Heap buffer overflow vulnerability in WebRTC can be exploited to potentially denial of service.
Insufficient data validation vulnerability in WebUI can be exploited to potentially denial of service.
Heap buffer overflow vulnerability in history can be exploited to potentially denial of service.
Side-channel information leakage vulnerability in autofill can be exploited to obtain sensitive information.
Inappropriate implementation vulnerability in WebRTC can be exploited to potentially denial of service.
Heap buffer overflow vulnerability in PDFium can be exploited to potentially denial of service.

Пораженные продукты

Google Chrome earlier than 84.0.4147.89

Решение

Update to the latest version
Download Google Chrome

Первичный источник обнаружения

Stable Channel Update for Desktop

Оказываемое влияние

?

OSI

[?]

DoS

[?]

SB

[?]

Связанные продукты

Google Chrome

CVE-IDS

Дата обнаружения	14/07/2020
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Incorrect security UI vulnerability in PWAs can be exploited to obtain sensitive information. Inappropriate implementation vulnerability in WebRTC can be exploited to potentially denial of service. Use after free vulnerability in developer tools can be exploited to potentially denial of service and bypass security restrictions. Heap buffer overflow vulnerability in Skia can be exploited to potentially denial of service and bypass security restrictions. Heap buffer overflow vulnerability in Skiacan can be exploited to potentially denial of service and bypass security restrictions. Inappropriate implementation vulnerability in external protocol handlers can be exploited to potentially denial of service. Incorrect security UI vulnerability in basic auth can be exploited to obtain sensitive information. Side-channel information leakage vulnerability in scroll to text can be exploited to obtain sensitive information. Out of bounds write vulnerability in Skia can be exploited to potentially denial of service and bypass security restrictions. Out of bounds vulnerability in developer tools can be exploited to potentially denial of service. Heap buffer overflow vulnerability in background fetch can be exploited to potentially denial of service and bypass security restrictions. Use after free vulnerability in tab strip can be exploited to potentially denial of service. Side-channel information leakage vulnerability in content security policy can be exploited to obtain sensitive information. Type Confusion vulnerability in V8 can be exploited to potentially denial of service. Policy bypass vulnerability in CORS can be exploited to security bypass. Insufficient policy enforcement vulnerability in CSP can be exploited to security bypass. Policy bypass vulnerability in CSP can be exploited to security bypass. Heap buffer overflow vulnerability in WebAudi can be exploited to potentially denial of service. Inappropriate implementation vulnerability in iframe sandbox can be exploited to potentially denial of service. Heap buffer overflow vulnerability in WebRTC can be exploited to potentially denial of service. Insufficient data validation vulnerability in WebUI can be exploited to potentially denial of service. Heap buffer overflow vulnerability in history can be exploited to potentially denial of service. Side-channel information leakage vulnerability in autofill can be exploited to obtain sensitive information. Inappropriate implementation vulnerability in WebRTC can be exploited to potentially denial of service. Heap buffer overflow vulnerability in PDFium can be exploited to potentially denial of service.
Пораженные продукты	Google Chrome earlier than 84.0.4147.89
Решение	Update to the latest version Download Google Chrome
Первичный источник обнаружения	Stable Channel Update for Desktop
Оказываемое влияние ?	OSI [?] DoS [?] SB [?]
Связанные продукты	Google Chrome
CVE-IDS	CVE-2020-65360.0Unknown CVE-2020-65290.0Unknown CVE-2020-65180.0Unknown CVE-2020-65200.0Unknown CVE-2020-65250.0Unknown CVE-2020-65220.0Unknown CVE-2020-65280.0Unknown CVE-2020-65310.0Unknown CVE-2020-65230.0Unknown CVE-2020-65300.0Unknown CVE-2020-65100.0Unknown CVE-2020-65150.0Unknown CVE-2020-65110.0Unknown CVE-2020-65330.0Unknown CVE-2020-65160.0Unknown CVE-2020-65270.0Unknown CVE-2020-65190.0Unknown CVE-2020-65240.0Unknown CVE-2020-65260.0Unknown CVE-2020-65340.0Unknown CVE-2020-65120.0Unknown CVE-2020-65350.0Unknown CVE-2020-65170.0Unknown CVE-2020-65210.0Unknown CVE-2020-65140.0Unknown CVE-2020-65130.0Unknown