SB2018072705 - Multiple vulnerabilities in Google Chrome
Published: July 27, 2018 Updated: July 1, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-4117)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to input validation flaw in the WebKit component fetch API. A remote attacker can bypass cross-origin restrictions and obtain potentially sensitive information.
2) Privilege escalation (CVE-ID: CVE-2018-6044)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local atacaker to gain elevated privileges on the target system.
The weakness exists due to unspecified flaw. A local attacker can use specially crafted extensions and gain elevated privileges to conduct further attacks.
3) Information disclosure (CVE-ID: CVE-2018-6150)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.
4) Improper input validation (CVE-ID: CVE-2018-6151)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to bad cast in DevTools. A remote attacker can trick the victim into visiting a specially crafted website and cause the service to crash.
5) Improper input validation (CVE-ID: CVE-2018-6152)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to local file write in DevTools. A local attacker can write arbitrary files and cause the service to crash.
6) Stack-based buffer overflow (CVE-ID: CVE-2018-6153)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Heap-based buffer overflow (CVE-ID: CVE-2018-6154)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in WebGL when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Use-after-free error (CVE-ID: CVE-2018-6155)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
9) Heap-based buffer overflow (CVE-ID: CVE-2018-6156)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
10) Type confusion (CVE-ID: CVE-2018-6157)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
11) Use-after-free error (CVE-ID: CVE-2018-6158)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
12) Security restrictions bypass (CVE-ID: CVE-2018-6159)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in ServiceWorker.
13) Security restrictions bypass (CVE-ID: CVE-2018-6161)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in WebAudio.
14) Heap-based buffer overflow (CVE-ID: CVE-2018-6162)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to heap-based buffer overflow in WebGL when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
15) Spoofing attack (CVE-ID: CVE-2018-6163)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
16) Security restrictions bypass (CVE-ID: CVE-2018-6164)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in ServiceWorker.
17) Spoofing attack (CVE-ID: CVE-2018-6165)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
18) Spoofing attack (CVE-ID: CVE-2018-6166)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
19) Spoofing attack (CVE-ID: CVE-2018-6167)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
20) Security restrictions bypass (CVE-ID: CVE-2018-6168)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass CORS in Blink.
21) Security restrictions bypass (CVE-ID: CVE-2018-6169)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions in extension installation.
22) Type confusion (CVE-ID: CVE-2018-6170)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to type confusion in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
23) Use-after-free error (CVE-ID: CVE-2018-6171)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in WebBluetooth when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
24) Spoofing attack (CVE-ID: CVE-2018-6172)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
25) Spoofing attack (CVE-ID: CVE-2018-6173)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
26) Integer overflow (CVE-ID: CVE-2018-6174)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to integer overflow in SwiftShader when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
27) Spoofing attack (CVE-ID: CVE-2018-6175)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
28) Privilege escalation (CVE-ID: CVE-2018-6176)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local atacaker to gain elevated privileges on the target system.
The weakness exists due to unspecified flaw. A local attacker can use specially crafted extensions and gain elevated privileges in Extensions to conduct further attacks.
29) Memory leak (CVE-ID: CVE-2018-6177)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to cross origin information leak in Blink. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.
30) Spoofing attack (CVE-ID: CVE-2018-6178)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in UI. A remote attacker can trick the victim into visiting a specially crafted website and spoof UI in Extensions.
31) Memory leak (CVE-ID: CVE-2018-6179)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to local file information leak in Extensions A local attacker can gain access to arbitrary data.
32) Spoofing attack (CVE-ID: CVE-2018-6160)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an error in Chrome on iOS. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
Remediation
Install update from vendor's website.