KLA11128 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An incorrect assumption about block structure in Blink can be exploited remotely to cause denial of service;
2. An out-of-bounds read in V8 can be exploited remotely to execute arbitrary code and cause denial of service;
3. A use after free in printing can be exploited remotely to obtain sensitive information;
4. A use after free in Blink can be exploited remotely to obtain sensitive information.

Original advisories

Stable Channel Update for Desktop

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Google-Chrome

CVE list

CVE-2017-5052 high

CVE-2017-5053 high

CVE-2017-5054 high

CVE-2017-5055 critical

CVE-2017-5056 high

Solution

Update to the latest version

Download Google Chrome

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Google Chrome earlier than 57.0.2987.133 (All branches)