Multiple vulnerabilities in Google Chrome



Published: 2018-10-23 | Updated: 2020-03-10
Risk High
Patch available YES
Number of vulnerabilities 18
CVE-ID CVE-2018-17462
CVE-2018-17463
CVE-2018-17464
CVE-2018-17465
CVE-2018-17466
CVE-2018-17467
CVE-2018-17473
CVE-2018-17475
CVE-2018-17468
CVE-2018-17469
CVE-2018-17470
CVE-2018-17474
CVE-2018-17471
CVE-2018-17472
CVE-2018-17476
CVE-2018-5179
CVE-2018-17477
CWE-ID CWE-265
CWE-843
CWE-122
CWE-20
CWE-416
CWE-119
CWE-200
CWE-451
Exploitation vector Network
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerable software
Subscribe
Google Chrome
Client/Desktop applications / Web browsers

Vendor Google

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

Updated: 10.03.2020

Updated description and references sections for vulnerability #2.

1) Sandbox escape

EUVDB-ID: #VU15468

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17462

CWE-ID: CWE-265 - Privilege / Sandbox Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to sandbox escape in AppCache. A remote attacker can trick the victim into visiting a specially crafted website, escape sandbox in AppCache and gain unauthorized access to the system to execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type Confusion

EUVDB-ID: #VU15469

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-17463

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing HTML content in Google Chromes JIT compiler. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
http://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_object_create.rb
http://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

3) Heap-based buffer overflow

EUVDB-ID: #VU15470

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in Little CMS in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 69.0.3497.81

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) URL spoofing

EUVDB-ID: #VU15471

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17464

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to spoof URLs.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free error

EUVDB-ID: #VU15472

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17465

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU15473

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17466

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) URL spoofing

EUVDB-ID: #VU15474

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17467

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to spoof URLs.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) URL spoofing

EUVDB-ID: #VU15475

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17473

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to spoof URLs.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) URL spoofing

EUVDB-ID: #VU15476

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17475

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to spoof URLs.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU15477

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17468

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to cross-origin URL disclosure in Blink. A remote attacker can trick the victim into visiting a specially crafted website and disclose cross-origin URL.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Heap-based buffer overflow

EUVDB-ID: #VU15478

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17469

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer overflow in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory corruption

EUVDB-ID: #VU15479

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17470

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to boundary error in GPU Internals. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free error

EUVDB-ID: #VU15480

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17474

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Security restrictions bypass

EUVDB-ID: #VU15481

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17471

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to security UI occlusion in full screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU15482

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17472

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to iframe sandbox escape on iOS. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security restrictions bypass

EUVDB-ID: #VU15483

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17476

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to security UI occlusion in full screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security restrictions bypass

EUVDB-ID: #VU15484

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to lack of limits on update() in ServiceWorker. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Spoofing attack

EUVDB-ID: #VU15485

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17477

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and conduct UI spoofing attack.

Mitigation

Update to version 70.0.3538.67.

Vulnerable software versions

Google Chrome: 67.0.3396.62 - 69.0.3497.100

External links

http://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###