TTCSIRT-172.101618: TT-CSIRT Advisory – Chrome Security Updates

TTCSIRT-172.101618: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome:

a) Cross-origin URL disclosure in Blink – (CVE-2018-17468).

b) Heap buffer overflow in PDFium – (CVE-2018-17469).

c) iframe sandbox escape on iOS – (CVE-2018-17472).

d) Lack of limits on update() in ServiceWorker – (CVE-2018-5179).

e) Memory corruption in Angle – (CVE-2018-17466).

f) Memory corruption in GPU Internals – (CVE-2018-17470).

g) Remote code execution in V8 – (CVE-2018-17463).

h) Sandbox escape in AppCache – (CVE-2018-17462).

i) Security UI occlusion in full screen mode – (CVE-2018-17471, CVE-2018-17476).

j) UI spoof in Extensions – (CVE-2018-17477).

k) URL spoof in Omnibox – (CVE-2018-17467, CVE-2018-17464, CVE-2018-17475, CVE-2018-17473).

l) Use after free in Blink – (CVE-2018-17474).

m) Use after free in V8 – (CVE-2018-17465).

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute remote code in through the browser and depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on these vulnerabilities and how they can be mitigated can be found on Google Chrome Website at https://chromereleases.googleblog.com/search/label/Stable%20updates