SB2018102306 - Multiple vulnerabilities in Google Chrome
Published: October 23, 2018 Updated: March 10, 2020
Description
This security bulletin contains information about 18 security vulnerabilities.
1) Sandbox escape (CVE-ID: CVE-2018-17462)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a sandbox escape in AppCache. A remote attacker can trick the victim into visiting a specially crafted website, escape the AppCache sandbox and gain unauthorized access to the system to execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Type Confusion (CVE-ID: CVE-2018-17463)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing HTML content in Google Chrome's JIT compiler. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Heap-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a heap-based buffer overflow in Little CMS in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) URL spoofing (CVE-ID: CVE-2018-17464)
The vulnerability allows a remote attacker to spoof URLs. The vulnerability exists due to an error in the Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
5) Use-after-free error (CVE-ID: CVE-2018-17465)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Memory corruption (CVE-ID: CVE-2018-17466)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in ANGLE. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) URL spoofing (CVE-ID: CVE-2018-17467)
The vulnerability allows a remote attacker to spoof URLs. The vulnerability exists due to an error in the Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
8) URL spoofing (CVE-ID: CVE-2018-17473)
The vulnerability allows a remote attacker to spoof URLs. The vulnerability exists due to an error in the Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
9) URL spoofing (CVE-ID: CVE-2018-17475)
The vulnerability allows a remote attacker to spoof URLs. The vulnerability exists due to an error in the Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
10) Information disclosure (CVE-ID: CVE-2018-17468)
The vulnerability allows a remote attacker to obtain potentially sensitive information. The vulnerability exists due to a cross-origin URL disclosure in Blink. A remote attacker can trick the victim into visiting a specially crafted website and disclose a cross-origin URL.
11) Heap-based buffer overflow (CVE-ID: CVE-2018-17469)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a heap-based buffer overflow in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
12) Memory corruption (CVE-ID: CVE-2018-17470)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a boundary error in GPU Internals. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
13) Use-after-free error (CVE-ID: CVE-2018-17474)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a use-after-free error in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
14) Security restrictions bypass (CVE-ID: CVE-2018-17471)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to security UI occlusion in full-screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
15) Security restrictions bypass (CVE-ID: CVE-2018-17472)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to an iframe sandbox escape on iOS. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
16) Security restrictions bypass (CVE-ID: CVE-2018-17476)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to security UI occlusion in full-screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
17) Security restrictions bypass (CVE-ID: CVE-2018-5179)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to a lack of limits on update() in ServiceWorker. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
18) Spoofing attack (CVE-ID: CVE-2018-17477)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and conduct a UI spoofing attack.
Remediation
Install the update from the vendor's website.
References
- https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_object_create.rb
- https://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce