Multiple vulnerabilities in Google Chrome

Published: 2019-10-24 | Updated: 2019-10-24
Severity: High
Patch available: YES
Number of vulnerabilities: 39
CVE ID: CVE-2019-13708, CVE-2019-13709, CVE-2019-13710, CVE-2019-13711, CVE-2019-13707, CVE-2019-13706, CVE-2019-13703, CVE-2019-13704, CVE-2019-13705, CVE-2019-15903, CVE-2019-13713, CVE-2019-13719, CVE-2019-13718, CVE-2019-13717, CVE-2019-13714, CVE-2019-13715, CVE-2019-13716, CVE-2019-13702, CVE-2019-13701, CVE-2019-13699, CVE-2019-13700
CWE ID: CWE-290, CWE-693, CWE-200, CWE-125, CWE-451, CWE-264, CWE-94, CWE-399, CWE-119, CWE-416
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #10 is available.
Vulnerable software: Google Chrome
Vendor: Google, Inc.

Security Advisory

1) Authentication Bypass by Spoofing

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13708

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an unspecified error that allows a remote attacker to spoof the HTTP authentication window and gain unauthorized access to the victim's credentials.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Protection Mechanism Failure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13709

CWE-ID: CWE-693 - Protection Mechanism Failure

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error that allows a remote attacker to bypass the file download security feature and silently download dangerous files to the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Protection Mechanism Failure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13710

CWE-ID: CWE-693 - Protection Mechanism Failure

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error that allows a remote attacker to bypass the file download security feature and silently download dangerous files to the victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13711

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error. A remote attacker can gain unauthorized access to sensitive information from another security context.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13707

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application allows disclosure of file storage. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

Severity: Medium

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13706

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF content within the PDFium component. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Spoofing attack

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13703

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof the URL in the browser bar.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13704

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error when processing CSP policies. A remote attacker can bypass the CSP protection mechanism and perform cross-domain requests.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13705

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect processing of permissions in the Extension component. A remote attacker can create a specially crafted webpage, trick the victim into visiting it and bypass certain security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

Severity: Medium

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-15903

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger an out-of-bounds read error and read contents of memory on the system or crash the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

11) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13713

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cross-origin data leak. A remote attacker can gain unauthorized access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Spoofing attack

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13719

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of browser notifications. A remote attacker can create a specially crafted web page and spoof the contents of notifications that are displayed to the user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Spoofing attack

Severity: Low

CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13718

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of IDN domain names. A remote attacker can register a specially crafted domain name and perform a spoofing attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Spoofing attack

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13717

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of browser notifications. A remote attacker can create a specially crafted web page and spoof the contents of notifications that are displayed to the user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Code Injection

Severity: Low

CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13714

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation when processing CSS files. A remote attacker can create a specially crafted webpage and perform a CSS injection attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Spoofing attack

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13715

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof the browser's address bar.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13716

CWE-ID: CWE-399 - Resource Management Errors

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error. A remote attacker can use a specially crafted webpage to crash the affected browser.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13702

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to an unspecified error in the Installer component. A remote attacker can bypass certain security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Spoofing attack

Severity: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13701

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof the browser URL in navigation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory corruption

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error when processing HTML data. A remote attacker can create a specially crafted webpage, trick the victim into visiting it and crash the browser.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13699

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in the media component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13700

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Blink component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

External links

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.