SecurityTracker.com
Category:   Application (Web Browser)  >   Google Chrome
Vendors:   Google
Google Chrome Multiple Flaws Let Remote Users Bypass Security Restrictions, Spoof URLs, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID:  1041014
SecurityTracker URL:  http://securitytracker.com/id/1041014
CVE Reference:   CVE-2018-6123, CVE-2018-6124, CVE-2018-6125, CVE-2018-6126, CVE-2018-6127, CVE-2018-6128, CVE-2018-6129, CVE-2018-6130, CVE-2018-6131, CVE-2018-6132, CVE-2018-6133, CVE-2018-6134, CVE-2018-6135, CVE-2018-6136, CVE-2018-6137, CVE-2018-6138, CVE-2018-6139, CVE-2018-6140, CVE-2018-6141, CVE-2018-6142, CVE-2018-6143, CVE-2018-6144, CVE-2018-6145, CVE-2018-6147
Date:  Jun 1 2018
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof URLs.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free memory error may occur in Blink [CVE-2018-6123].

A type confusion error may occur in Blink [CVE-2018-6124].

A heap buffer overflow error may occur in Skia [CVE-2018-6126].

A use-after-free memory error may occur in indexedDB [CVE-2018-6127].

A UXSS error may occur in Chrome on iOS [CVE-2018-6128].

An out-of-bounds memory access error may occur in WebRTC [CVE-2018-6129, CVE-2018-6130].

An incorrect mutability protection error may occur in WebAssembly [CVE-2018-6131].

A use of uninitialized memory error may occur in WebRTC [CVE-2018-6132].

A URL spoofing error may occur in Omnibox [CVE-2018-6133].

A Referrer Policy bypass error may occur in Blink [CVE-2018-6134].

A UI spoofing error may occur in Blink [CVE-2018-6135].

An out-of-bounds memory access error may occur in V8 [CVE-2018-6136].

A leak of the visited status of a page may occur in Blink [CVE-2018-6137].

An overly permissive policy error may occur in Extensions [CVE-2018-6138].

A restrictions bypass error may occur in the debugger extension API [CVE-2018-6139, CVE-2018-6140].

A heap buffer overflow error may occur in Skia [CVE-2018-6141].

An out-of-bounds memory access error may occur in V8 [CVE-2018-6142, CVE-2018-6143].

An out-of-bounds memory access error may occur in PDFium [CVE-2018-6144].

An incorrect escaping of MathML error may occur in Blink [CVE-2018-6145].

Password fields do not take advantage of OS protections in Views [CVE-2018-6147].

Looben Yang, Guang Gong of Alpha Team, Qihoo 360, Yubico, Inc, Ivan Fratric of Google Project Zero, Tomasz Bojarski, Natalie Silvanovich of Google Project Zero, Ronald E. Crane, Khalil Zhani, Jun Kokatsu (@shhnjk), Jasper Rebane, Peter Wong, Michael Smith (spinda.net), Francois Lajeunesse-Robert, Rob Wu, Yangkang (@dnpushme) & Wanglu of Qihoo360 Qex Team, Choongwoo Han of Naver Corporation, pdknsk, Masato Kinugawa, and Michail Pishchagin (Yandex) reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof a URL.

Solution:   The vendor has issued a fix (67.0.3396.62).

The vendor advisory is available at:

https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html

Vendor URL:  chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html

 
 

