TTCSIRT-117.051418: TT-CSIRT Advisory – Chrome Security Updates
Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome:
a) Heap buffer overflow in PDFium – (CVE-2018-6120)
b) Privilege escalation in extensions – (CVE-2018-6121)
c) Type confusion in V8 – (CVE-2018-6122)
d) Chain leading to sandbox escape
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions or cause denial-of-service conditions.
| Further information on these vulnerabilities and how they can be mitigated can be found on the Chrome Website at https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html |