Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023
Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Oracle Linux update for kernel-uek
October 12, 2018Rewterz Threat Advisory – Oracle Java SE Embedded Multiple Vulnerabilities
October 17, 2018
Multiple vulnerabilities were found in Google Chrome that could be exploited for security bypass, information disclosure, spoofing attacks and system compromise.
IMPACT: CRITICAL
PUBLISH DATE: 17-10-2018
OVERVIEW
A total of 23 vulnerabilities have been discovered in Google Chrome most of which can be exploited to launch spoofing attacks, bypass certain security restrictions and regulations, compromise vulnerable systems or reveal confidential or sensitive information. The impact of some of the vulnerabilities is still unknown. The Chrome team has fixed the vulnerabilities in an update.
ANALYSIS
The following CVE numbers indicate the vulnerabilities found in Google Chrome. However, Chrome will not release extensive details about the issues until a major percentage of users have updated their software.
CVE-2018-17470
CVE-2018-17471
CVE-2018-17463
CVE-2018-17462
CVE-2018-17464
CVE-2018-17474
CVE-2018-17468
CVE-2018-17475
CVE-2018-17477
CVE-2018-17469
CVE-2018-5179
CVE-2018-17476
CVE-2018-17467
CVE-2018-17465
CVE-2018-17473
CVE-2018-17466
Here’s a brief overview of the issues found in Chrome.
1) Sandbox restrictions can be bypassed due to an error in AppCache.
2) An error in V8 may lead to execution of arbitrary code.
3) An error related to Little CMS in PDFium can be exploited to cause a heap-based buffer overflow.
4) URL can be spoofed due to an error in Omnibox.
5) V8 contains a use-after-free error.
6) An error in Angle can be exploited for memory corruption.
7) A URL cross-origin will be disclosed, following an exploitation of an error in PDFium.
8) An error in GPU internals can be exploited to corrupt memory.
9) An error related to full screen mode can be exploited to occlude an otherwise restricted Security UI.
10) Blink contains a use-after-free error.
11) Successful exploitation of the vulnerabilities #3, #5, #6, #9, #10, and #13 may lead to arbitrary code execution.
12) An unspecified error related to limits and the “update()” function in ServiceWorker exists. No further information is currently available.
13) An error in Extensions can be exploited to spoof the UI.
14) Multiple unspecified errors exist. No further information is available.
AFFECTED PRODUCTS
Google Chrome 69.x
UPDATES
Most of the vulnerabilities have high impacts and Chrome recommends that users should upgrade to version 70.0.3538.67 as soon as possible.