Rewterz Threat Advisory – CVE-2019-18226 – ICS: Honeywell equIP and Performance Series IP Cameras and Recorders Authentication Bypass Vulnerability
November 1, 2019Rewterz Threat Alert – RattleSnake Targets Pakistan Navy
November 1, 2019Rewterz Threat Advisory – CVE-2019-18226 – ICS: Honeywell equIP and Performance Series IP Cameras and Recorders Authentication Bypass Vulnerability
November 1, 2019Rewterz Threat Alert – RattleSnake Targets Pakistan Navy
November 1, 2019Severity
High
Analysis Summary
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page.
- Use-after-free in audio (CVE-2019-13720)
- Use-after-free in PDFium (CVE-2019-13721)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.
Impact
- Execution of arbitrary code
- Denial of service
Affected Vendors
Affected Products
Google Chrome versions prior to 78.0.3904.87
Remediation
Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
Version 78.0.3904.87