Rewterz Threat Advisory – Oracle Linux update for kernel-uek
October 12, 2018Rewterz Threat Advisory – Oracle Java SE Embedded Multiple Vulnerabilities
October 17, 2018Rewterz Threat Advisory – Oracle Linux update for kernel-uek
October 12, 2018Rewterz Threat Advisory – Oracle Java SE Embedded Multiple Vulnerabilities
October 17, 2018Multiple vulnerabilities were found in Google Chrome that could be exploited for security bypass, information disclosure, spoofing attacks and system compromise.
IMPACT: CRITICAL
PUBLISH DATE: 17-10-2018
OVERVIEW
A total of 23 vulnerabilities have been discovered in Google Chrome most of which can be exploited to launch spoofing attacks, bypass certain security restrictions and regulations, compromise vulnerable systems or reveal confidential or sensitive information. The impact of some of the vulnerabilities is still unknown. The Chrome team has fixed the vulnerabilities in an update.
ANALYSIS
The following CVE numbers indicate the vulnerabilities found in Google Chrome. However, Chrome will not release extensive details about the issues until a major percentage of users have updated their software.
CVE-2018-17470
CVE-2018-17471
CVE-2018-17463
CVE-2018-17462
CVE-2018-17464
CVE-2018-17474
CVE-2018-17468
CVE-2018-17475
CVE-2018-17477
CVE-2018-17469
CVE-2018-5179
CVE-2018-17476
CVE-2018-17467
CVE-2018-17465
CVE-2018-17473
CVE-2018-17466
Here’s a brief overview of the issues found in Chrome.
1) Sandbox restrictions can be bypassed due to an error in AppCache.
2) An error in V8 may lead to execution of arbitrary code.
3) An error related to Little CMS in PDFium can be exploited to cause a heap-based buffer overflow.
4) URL can be spoofed due to an error in Omnibox.
5) V8 contains a use-after-free error.
6) An error in Angle can be exploited for memory corruption.
7) A URL cross-origin will be disclosed, following an exploitation of an error in PDFium.
8) An error in GPU internals can be exploited to corrupt memory.
9) An error related to full screen mode can be exploited to occlude an otherwise restricted Security UI.
10) Blink contains a use-after-free error.
11) Successful exploitation of the vulnerabilities #3, #5, #6, #9, #10, and #13 may lead to arbitrary code execution.
12) An unspecified error related to limits and the “update()” function in ServiceWorker exists. No further information is currently available.
13) An error in Extensions can be exploited to spoof the UI.
14) Multiple unspecified errors exist. No further information is available.
AFFECTED PRODUCTS
Google Chrome 69.x
UPDATES
Most of the vulnerabilities have high impacts and Chrome recommends that users should upgrade to version 70.0.3538.67 as soon as possible.