Severity
High
Analysis Summary
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page.
CVE-2019-13685 (Use-after-free in UI)
CVE-2019-13686 (Use-after-free in error)
CVE-2019-13687 (Use-after-free in media)
CVE-2019-13688 (Use-after-free in media)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.
Impact
- Arbitrary Code Execution
- Exposure of sensitive information
- Credential theft
- Denial of service
Affected Vendors
Google
Affected Products
Google Chrome versions prior to 77.0.3865.90
Remediation
Update to version 77.0.3865.90.