
Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome

Severity

High

Analysis Summary

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page.

CVE-2019-13685 (Use-after-free in UI)

CVE-2019-13686 (Use-after-free in error)

CVE-2019-13687 (Use-after-free in media)

CVE-2019-13688 (Use-after-free in media)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

Impact

  • Arbitrary Code Execution
  • Exposure of sensitive information
  • Credential theft
  • Denial of service

Affected Vendors

Google

Affected Products

Google Chrome versions prior to 77.0.3865.90

Remediation

Update to version 77.0.3865.90.