Google Chrome Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code
|
SecurityTracker Alert ID: 1039291
SecurityTracker URL: http://securitytracker.com/id/1039291
|
CVE Reference:
CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120
|
Date: Sep 7 2017
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description:
Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A use-after-free may occur in PDFium [CVE-2017-5111].
A heap buffer overflow may occur in WebGL [CVE-2017-5112].
A heap buffer overflow may occur in Skia [CVE-2017-5113].
A memory lifecycle error may occur in PDFium [CVE-2017-5114].
A type confusion error may occur in V8 [CVE-2017-5115, CVE-2017-5116].
An uninitialized value error may occur in Skia [CVE-2017-5117, CVE-2017-5119].
A remote user can bypass security controls on the target system.
A remote user can bypass Content Security Policy in Blink [CVE-2017-5118].
A remote user may be able to downgrade HTTPS security during redirect navigation [CVE-2017-5120].
Luat Nguyen (@l4wio) of KeenLab, Tencent, Tobias Klein (www.trapkit.de), Anonymous, Ke Liu of Tencent's Xuanwu Lab, Xiaoyin Liu (@general_nfs), Marco Giovannini, Guang Gong of Alpha Team, Qihoo 360, and WenXu Wu of Tencent's Xuanwu Lab reported these vulnerabilities.
|
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
|
Solution:
The vendor has issued a fix (61.0.3163.79).
The vendor advisory is available at:
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
|
Vendor URL: chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
|
Cause:
Access control error, Boundary error
|
Underlying OS: Linux (Any), UNIX (macOS/OS X), Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Subject: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
|