Rewterz Threat Advisory – Google Chrome Multiple Vulnerabilities

October 17, 2018

Multiple vulnerabilities were found in Google Chrome that could be exploited for security bypass, information disclosure, spoofing attacks and system compromise.

IMPACT: CRITICAL

PUBLISH DATE: 17-10-2018

OVERVIEW

A total of 23 vulnerabilities have been discovered in Google Chrome, most of which can be exploited to launch spoofing attacks, bypass certain security restrictions and regulations, compromise vulnerable systems or reveal confidential or sensitive information. The impact of some of the vulnerabilities is still unknown. The Chrome team has fixed the vulnerabilities in an update.

ANALYSIS

The following CVE numbers identify the vulnerabilities found in Google Chrome. However, Chrome will not release extensive details about the issues until a majority of users have updated their software.

CVE-2018-17470
CVE-2018-17471
CVE-2018-17463
CVE-2018-17462
CVE-2018-17464
CVE-2018-17474
CVE-2018-17468
CVE-2018-17475
CVE-2018-17477
CVE-2018-17469
CVE-2018-5179
CVE-2018-17476
CVE-2018-17467
CVE-2018-17465
CVE-2018-17473
CVE-2018-17466

Here’s a brief overview of the issues found in Chrome.

1) Sandbox restrictions can be bypassed due to an error in AppCache.

2) An error in V8 may lead to execution of arbitrary code.

3) An error related to Little CMS in PDFium can be exploited to cause a heap-based buffer overflow.

4) The URL can be spoofed due to an error in Omnibox.

5) V8 contains a use-after-free error.

6) An error in Angle can be exploited for memory corruption.

7) A cross-origin URL can be disclosed by exploiting an error in PDFium.

8) An error in GPU internals can be exploited to corrupt memory.

9) An error related to full screen mode can be exploited to occlude an otherwise restricted Security UI.

10) Blink contains a use-after-free error.

11) Successful exploitation of the vulnerabilities #3, #5, #6, #9, #10, and #13 may lead to arbitrary code execution.

12) An unspecified error related to limits and the “update()” function in ServiceWorker exists. No further information is currently available.

13) An error in Extensions can be exploited to spoof the UI.

14) Multiple unspecified errors exist. No further information is available.

AFFECTED PRODUCTS

Google Chrome 69.x

UPDATES

Most of the vulnerabilities are high impact, and Chrome recommends that users upgrade to version 70.0.3538.67 as soon as possible.
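
To check a fleet against the fixed release named above, the following added example (not part of the original advisory) compares reported Chrome versions with 70.0.3538.67 component by component. The inventory format, host names and status labels are constructed for illustration, and treating every build below the fixed release (not only 69.x) as needing the update is an assumption.

```python
import re

# Fixed release named in the advisory; builds below it need the update.
FIXED = (70, 0, 3538, 67)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: "host,output of the browser's version command".
SAMPLE_INVENTORY = """\
ws-01,Google Chrome 69.0.3497.100
ws-02,Google Chrome 70.0.3538.67
ws-03,Google Chrome 70.0.3538.9
ws-04,Google Chrome 70.0.3538.102
ws-05,command not found
"""


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one version string as 'patched', 'needs_update' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no parseable version: follow up manually
    # Tuples compare numerically per component, so 3538.9 sorts below 3538.67
    # and 3538.102 above it; a plain string comparison gets both wrong.
    return "patched" if version >= FIXED else "needs_update"


def audit(inventory):
    """Map each host in a 'host,version output' inventory to its status."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, output = line.partition(",")
        results[host.strip()] = classify(output)
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```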

 
