KLA11015 Race condition vulnerability in Google Chrome

A race condition vulnerability was found in the WebRTC component of Google Chrome earlier than 58.0.3029.96. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely.

Technical details

Vulnerability was found in frame_buffer2.cc

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

Original advisories

Stable Channel Update for Desktop

Related products

Google-Chrome

CVE list

CVE-2017-5068 high

Solution

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.

Download Google Chrome

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Google Chrome earlier than 58.0.3029.96 (All branches)