
Rewterz Threat Advisory – Google Releases Security Updates for Chrome Multiple Vulnerabilities

SEVERITY: HIGH

CATEGORY: Vulnerability

ANALYSIS SUMMARY

Google has released security updates for Google Chrome addressing multiple vulnerabilities that an attacker could exploit to take control of an affected system. The new version for Windows, Mac and Linux contains 58 security fixes. The following vulnerabilities, ranging from Medium to High severity, have been addressed:

CVE-2019-5754: Inappropriate implementation in QUIC Networking

CVE-2019-5755: Inappropriate implementation in V8

CVE-2019-5756: Use after free in PDFium

CVE-2019-5757: Type Confusion in SVG

CVE-2019-5758: Use after free in Blink

CVE-2019-5759: Use after free in HTML select elements

CVE-2019-5760: Use after free in WebRTC

CVE-2019-5761: Use after free in SwiftShader

CVE-2019-5762: Use after free in PDFium

CVE-2019-5763: Insufficient validation of untrusted input in V8

CVE-2019-5764: Use after free in WebRTC

CVE-2019-5765: Insufficient policy enforcement in the browser

CVE-2019-5766: Insufficient policy enforcement in Canvas

CVE-2019-5767: Incorrect security UI in WebAPKs

CVE-2019-5768: Insufficient policy enforcement in DevTools

CVE-2019-5769: Insufficient validation of untrusted input in Blink

CVE-2019-5770: Heap buffer overflow in WebGL

CVE-2019-5771: Heap buffer overflow in SwiftShader

CVE-2019-5772: Use after free in PDFium

CVE-2019-5773: Insufficient data validation in IndexedDB

CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing

CVE-2019-5775: Insufficient policy enforcement in Omnibox

CVE-2019-5776: Insufficient policy enforcement in Omnibox

CVE-2019-5777: Insufficient policy enforcement in Omnibox

CVE-2019-5778: Insufficient policy enforcement in Extensions

CVE-2019-5779: Insufficient policy enforcement in ServiceWorker

CVE-2019-5780: Insufficient policy enforcement

CVE-2019-5781: Insufficient policy enforcement in Omnibox

CVE-2019-5782: Inappropriate implementation in V8

Other issues addressed in the update include:

Use after free in FileAPI

Use after free in Mojo interface

Use after free in Payments

Stack buffer overflow in Skia

Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions and possibly take control of a system.

IMPACT

Code Execution

Security Bypass

System Access

REMEDIATION

Update to the latest version: Chrome 72.0.3626.81 for Windows, Mac and Linux, which contains a number of fixes and improvements.

 

 

If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.