Multiple vulnerabilities were found in Google Chrome that could be exploited for security bypass, information disclosure, spoofing attacks and system compromise.
PUBLISH DATE: 17-10-2018
A total of 23 vulnerabilities have been discovered in Google Chrome most of which can be exploited to launch spoofing attacks, bypass certain security restrictions and regulations, compromise vulnerable systems or reveal confidential or sensitive information. The impact of some of the vulnerabilities is still unknown. The Chrome team has fixed the vulnerabilities in an update.
The following CVE numbers indicate the vulnerabilities found in Google Chrome. However, Chrome will not release extensive details about the issues until a major percentage of users have updated their software.
Here’s a brief overview of the issues found in Chrome.
1) Sandbox restrictions can be bypassed due to an error in AppCache.
2) An error in V8 may lead to execution of arbitrary code.
3) An error related to Little CMS in PDFium can be exploited to cause a heap-based buffer overflow.
4) URL can be spoofed due to an error in Omnibox.
5) V8 contains a use-after-free error.
6) An error in Angle can be exploited for memory corruption.
7) A URL cross-origin will be disclosed, following an exploitation of an error in PDFium.
8) An error in GPU internals can be exploited to corrupt memory.
9) An error related to full screen mode can be exploited to occlude an otherwise restricted Security UI.
10) Blink contains a use-after-free error.
11) Successful exploitation of the vulnerabilities #3, #5, #6, #9, #10, and #13 may lead to arbitrary code execution.
12) An unspecified error related to limits and the “update()” function in ServiceWorker exists. No further information is currently available.
13) An error in Extensions can be exploited to spoof the UI.
14) Multiple unspecified errors exist. No further information is available.
Google Chrome 69.x
Most of the vulnerabilities have high impacts and Chrome recommends that users should upgrade to version 70.0.3538.67 as soon as possible.