Google Chrome Multiple Flaws Let Remote Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Web Browser) > Google Chrome

Vendors: Google

Google Chrome Multiple Flaws Let Remote Bypass Security Restrictions and Execute Arbitrary Code

SecurityTracker Alert ID: 1039291

SecurityTracker URL: http://securitytracker.com/id/1039291

CVE Reference: CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120 (Links to External Site)

Date: Sep 7 2017

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free may occur in PDFium [CVE-2017-5111].

A heap buffer overflow may occur in WebGL [CVE-2017-5112].

A heap buffer overflow may occur in Skia [CVE-2017-5113].

A memory lifecycle error may occur in PDFium [CVE-2017-5114].

A type confusion error may occur in V8 [CVE-2017-5115, CVE-2017-5116].

An uninitialized value error may occur in Skia [CVE-2017-5117, CVE-2017-5119].

A remote user can bypass security controls on the target system.

A remote user can bypass Content Security Policy in Blink [CVE-2017-5118].

A remote user may be able to downgrade HTTPS security during redirect navigation [CVE-2017-5120].

Luat Nguyen (@l4wio) of KeenLab, Tencent, Tobias Klein (www.trapkit.de), Anonymous, Ke Liu of Tencent's Xuanwu LAB, Xiaoyin Liu (@general_nfs), Marco Giovannini, Guang Gong of Alpha Team, Qihoo 360, and WenXu Wu of Tencent's Xuanwu Lab reported these vulnerabilities.

Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

Solution: The vendor has issued a fix (61.0.3163.79).

The vendor advisory is available at:

https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

Vendor URL: chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html (Links to External Site)

Cause: Access control error, Boundary error

Underlying OS: Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History: None.

Source Message Contents

Subject: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC