Rewterz Threat Alert – Phishing Awareness For Employees and Customers of the Banking Industry
January 30, 2019Rewterz Threat Alert – New LockerGoga Ransomware used in Cyber Attacks in Multiple Countries
January 31, 2019Rewterz Threat Alert – Phishing Awareness For Employees and Customers of the Banking Industry
January 30, 2019Rewterz Threat Alert – New LockerGoga Ransomware used in Cyber Attacks in Multiple Countries
January 31, 2019SEVERITY: HIGH
CATEGORY: Vulnerability
ANALYSIS SUMMARY
Google has released security updates for Google Chrome addressing multiple vulnerabilities that an attacker could exploit to take control of an affected system. There are 58 security fixes in the new version for Windows, Mac and Linux. Following vulnerabilities ranging from Medium to High severity have been addressed.
CVE-2019-5754: Inappropriate implementation in QUIC Networking
CVE-2019-5755: Inappropriate implementation in V8
CVE-2019-5756: Use after free in PDFium
CVE-2019-5757: Type Confusion in SVG
CVE-2019-5758: Use after free in Blink.
CVE-2019-5759: Use after free in HTML select elements.
CVE-2019-5760: Use after free in WebRTC
CVE-2019-5761: Use after free in SwiftShader
CVE-2019-5762: Use after free in PDFium
CVE-2019-5763: Insufficient validation of untrusted input in V8.
CVE-2019-5764: Use after free in WebRTC
CVE-2019-5765: Insufficient policy enforcement in the browser.
CVE-2019-5766: Insufficient policy enforcement in Canvas.
CVE-2019-5767: Incorrect security UI in WebAPKs.
CVE-2019-5768: Insufficient policy enforcement in DevTools.
CVE-2019-5769: Insufficient validation of untrusted input in Blink.
CVE-2019-5770: Heap buffer overflow in WebGL
CVE-2019-5771: Heap buffer overflow in SwiftShader
CVE-2019-5772: Use after free in PDFium
CVE-2019-5773: Insufficient data validation in IndexedDB.
CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
CVE-2019-5775: Insufficient policy enforcement in Omnibox.
CVE-2019-5776: Insufficient policy enforcement in Omnibox.
CVE-2019-5777: Insufficient policy enforcement in Omnibox.
CVE-2019-5778: Insufficient policy enforcement in Extensions.
CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
CVE-2019-5780: Insufficient policy enforcement
CVE-2019-5781: Insufficient policy enforcement in Omnibox.
CVE-2019-5782: Inappropriate implementation in V8
Other issues addressed in the update include:
Use after free in FileAPI
Use after free in Mojo interface
Use after free in Payments.
Stack buffer overflow in Skia
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions and possibly take control of a system.
IMPACT
Code Execution
Security Bypass
System Access
REMEDIATION
Update to the latest version: Chrome 72.0.3626.81 for Windows, Mac and Linux, which contains a number of fixes and improvements.
If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.