Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-220.080619: TT-CSIRT Advisory – Chrome Security Updates

6th August 2019

Google has released a security update sting that it has discovered in the following vulnerabilities in Google Chrome:

a) Insufficient checks on filesystem – (CVE-2019-5856).

b) Insufficient filtering of Open URL service parameters – (CVE-2019-5858).

c) Insufficient port filtering in CORS for extensions – (CVE-2019-5864).

d) Integer overflow in PDFium – (CVE-2019-5855).

e) Integer overflow in PDFium text rendering – (CVE-2019-5854).

f) Memory corruption in regexp length check – (CVE-2019-5853).

g) Object leak of utility functions – (CVE-2019-5852).

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions, perform unauthorized actions or cause denial-of-service conditions.

Further information on these vulnerabilities and how they can be mitigated can be found on the Google Chrome Website at https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html