TTCSIRT-054.101917: TT-CSIRT Advisory – Chrome Security Updates
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:
a) UXSS with MHTML – (CVE-2017-5124)
b) Heap overflow in Skia – (CVE-2017-5125)
c) Use after free in PDFium – (CVE-2017-5126)
d) Use after free in PDFium – (CVE-2017-5127)
e) Heap overflow in WebGL – (CVE-2017-5128)
f) Use after free in WebAudio – (CVE-2017-5129)
g) Incorrect stack manipulation in WebAssembly – (CVE-2017-5132)
h) Heap overflow in libxml2 – (CVE-2017-5130)
i) Out of bounds write in Skia – (CVE-2017-5131)
j) Out of bounds write in Skia – (CVE-2017-5133)
k) UI spoofing in Blink – (CVE-2017-15386)
l) Content security bypass – (CVE-2017-15387)
m) Out of bounds read in Skia – (CVE-2017-15388)
n) URL spoofing in OmniBox – (CVE-2017-15389)
o) URL spoofing in OmniBox – (CVE-2017-15390)
p) Extension limitation bypass in Extensions – (CVE-2017-15391)
q) Incorrect registry key handling in PlatformIntegration – (CVE-2017-15392)
r) Referrer leak in Devtools – (CVE-2017-15393)
s) URL spoofing in extensions UI – (CVE-2017-15394)
t) Null pointer dereference in ImageCapture – (CVE-2017-15395)
Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2017-102/