KLA11588 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Use-after-free vulnerability in media can be exploited to arbitrary code execution;
2. Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
3. URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
4. Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
5. URL bar spoofing vulnerability can be exploited to arbitrary code execution;
6. CSP bypass vulnerability can be exploited to arbitrary code execution;
7. Extension permission bypass vulnerability can be exploited to arbitrary code execution;
8. Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
9. File storage disclosure vulnerability can be exploited to arbitrary code execution;
10. HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;
11. File download protection bypass vulnerability can be exploited to arbitrary code execution;
12. Cross-context information leak vulnerability can be exploited to arbitrary code execution;
13. Buffer overflow vulnerability in expat can be exploited to arbitrary code execution;
14. Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
15. CSS injection vulnerability can be exploited to arbitrary code execution;
16. Address bar spoofing vulnerability can be exploited to arbitrary code execution;
17. Service worker state error vulnerability can be exploited to arbitrary code execution;
18. IDN spoof vulnerability can be exploited to arbitrary code execution;

Original advisories

Stable Channel Update for Desktop

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Google-Chrome

CVE list

CVE-2019-13699 high

CVE-2019-13700 high

CVE-2019-13701 warning

CVE-2019-13702 high

CVE-2019-13703 warning

CVE-2019-13704 warning

CVE-2019-13705 warning

CVE-2019-13706 high

CVE-2019-13707 warning

CVE-2019-13708 warning

CVE-2019-13709 warning

CVE-2019-13710 warning

CVE-2019-13711 warning

CVE-2019-15903 warning

CVE-2019-13713 warning

CVE-2019-13714 warning

CVE-2019-13715 warning

CVE-2019-13716 warning

CVE-2019-13717 warning

CVE-2019-13718 warning

CVE-2019-13719 warning

CVE-2019-13765 warning

Solution

Update to the latest version

Google Chrome download page

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Google Chrome earlier than 78.0.3904.70