Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-17


Multiple vulnerabilities in Google Chrome
Severity Rating: High
System Affected:  
 
  • Version(s): prior to 56.0.2924.76
 
Description:
Multiple vulnerabilities have been identified in Google Chrome. Remote attackers can exploit them to execute arbitrary code on the vulnerable system, bypass security controls, obtain potentially sensitive information, spoof the user interface and conduct cross-site scripting attacks. The vulnerabilities reported are as follows:
·         A vulnerability exists because the software does not properly filter HTML code from user-supplied input before displaying the input in Blink, in 'chrome://apps', and in 'chrome://downloads'.
·         A vulnerability exists that can allow a remote user to access files via Devtools.
·         A vulnerability exists where a remote user can spoof the address bar via Omnibox.
·         A vulnerability exists where a remote user can spoof the user interface in Blink.
·         A vulnerability exists where a remote user can spoof the user interface.
·         A vulnerability exists that can allow a remote user to bypass Content Security Policy in Blink.
·         A vulnerability exists due to a heap overflow that may occur in V8.
·         A vulnerability exists due to a heap overflow that may occur in Skia.
·         A vulnerability exists due to a heap overflow that may occur in FFmpeg.
·         A vulnerability exists due to a use-after-free memory error that may occur in Renderer.
·         A vulnerability exists due to a use-after-free memory error that may occur in Extensions.
·         A type confusion error may occur in metrics.
·         An uninitialized memory access may occur in WebM video.
·         An out-of-bounds memory access error may occur in WebRTC.
Source:
Solution
Users are advised to apply updates.
More information is available on:
Google Chrome Release
 
Vendor Information
Google
 
 
CVE Information
 
More CVE available on:
References
Security Tracker
Google Chrome Release
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis