Home > Google Chrome > Google Chrome Multiple Vulnerabilities

Google Chrome Multiple Vulnerabilities

Contents

SYSTEM AFFECTED: · Google Chrome prior to 53.0.2785.143 RISK: Government: · Large and medium government entities: High · Small government entities: Medium Businesses: · Large and medium business entities: High · EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. Any use of this information is at the user's risk. Serna Adobe Flash 4/9/2013 CVE-2013-1378, CVE-2013-1379, CVE-2013-1380 Memory Corruption Adobe bulletin Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 4/9/2013 CVE-2013-1303 and CVE-2013-1304 Use After Free Microsoft bulletin Andrew Lyons & news

Systems Affected:Google Chrome prior to 54.0.2840.59 RISKGOVERNMENTLarge and medium government entities:HighSmall government entities:Medium BUSINESSLarge and medium business entities:HighSmall business entities:Medium Home Users:Low Description:Multiple vulnerabilities have been discovered in Google Chrome, the Serna Microsoft Office 2/10/2015 CVE-2015-0063 RCE MSFT Advisory James Forshaw Windows 2/10/2015 CVE-2015-0010 Sandbox Escape/Priv Esc MSFT advisory Clement Lecigne Internet Explorer 2/10/2015 CVE-2015-0071 Information leak MSFT advisory James Forshaw Internet ImpactA remote user could cause Denial of Service conditions or can execute arbitrary code by convincing the users to visit a malicious website. There are NO warranties, implied or otherwise, with regard to this information or its use.

Google Chrome Vulnerabilities 2016

Avail. 1 CVE-2016-9650 19 Bypass 2017-01-19 2017-01-20 4.3 None Remote Medium Not required None Partial None Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. (e.g.: CVE-2009-1234 or 2010-1234 or 20101234) Log In Register Vulnerability Feeds & WidgetsNew Memory Corruption Link Drew Hintz and Andrew Lyons Microsoft SharePoint Server, Groove Server, SharePoint Foundation, and Office Web Apps 4/9/2012 CVE-2013-1289 HTML Sanitization Vulnerability Microsoft bulletin Billy Rios Invensys Information Portal

Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. Serna Adobe Flash 11/6/2012 CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5279, CVE-2012-5280 Memory Corruption Adobe bulletin Eduardo Vela Nava Adobe Flash 11/6/2012 CVE-2012-5278 Security Bypass Adobe bulletin Mateusz Jurczyk FreeType2 10/24/2012 CVE-2012-5668, CVE-2012-5669, Cve-2016-1681 These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page.

However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. 39 CVE-2011-1807 119 Exec Code Overflow 2011-05-26 2012-01-26 10.0 None Remote Low Not Google Chrome Security Flaws AffectedGoogle Chrome version prior to 3.0.195.32 on Windows. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-5202) Solution Update the Chrome browser to 54.0.2840.99 or later. https://msisac.cisecurity.org/advisories/2016/2016-148.cfm Actions:After appropriate testing, apply patches provided by Google to vulnerable systems.

This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-5199) - An out-of-bounds Cve-2013-1303 Serna, Abhishek Arya Apple Safari 6/4/2013 CVE-2013-1000, CVE-2013-0993, CVE-2013-0995, CVE-2013-0996, CVE-2013-1003, CVE-2013-1007, CVE-2013-1011, CVE-2013-1023 Memory Corruption Apple advisory Felix Gröbert, Ivan Fratric PHP 5/20/2013 CVE-2013-2110 Memory Corruption PHP advisory Abhishek Arya Corr. 2013-11-18 2014-03-05 9.3 None Remote Medium Not required Complete Complete Complete Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of Serna, Mateusz Jurczyk and Ben Hawkes Adobe Flash 12/9/2014 CVE-2014-0587 RCE Adobe Advisory Robert Swiecki IDA 11/19/2014 Code execution Link James Forshaw Internet Explorer 11/11/2014 CVE-2014-6349, CVE-2014-6350 Sandbox Escape/Priv Esc MSFT

  1. Corr. 2011-05-26 2012-01-26 10.0 None Remote Low Not required Complete Complete Complete Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary
  2. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
  3. Known limitations & technical details User agreement, disclaimer and privacy statement About & Contact Feedback CVE is a registred trademark of the MITRE Corporation and the authoritative source

Google Chrome Security Flaws

RECOMMENDATIONS: We recommend the following actions be taken: · Apply appropriate patches provided by Google to vulnerable systems immediately after appropriate testing. · Run all software as a non-privileged user (one https://www.acunetix.com/vulnerabilities/network/vulnerability/google-chrome-multiple-vulnerabilities---march-11-windows/ Known limitations & technical details User agreement, disclaimer and privacy statement About & Contact Feedback CVE is a registred trademark of the MITRE Corporation and the authoritative source Google Chrome Vulnerabilities 2016 It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. Google Chrome Vulnerability Serna and Chris Evans Adobe Flash 1/13/2015 CVE-2015-0308 RCE Adobe Advisory James Forshaw Windows 1/13/2015 CVE-2015-0002 Sandbox Escape/Priv Esc MSFT advisory James Forshaw Windows 1/13/2015 CVE-2015-0004 Sandbox Escape/Priv Esc MSFT advisory

Serna Adobe Flash 2/12/2013 CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374 Memory Corruption Adobe bulletin Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 2/12/2013 navigate to this website Corr. 2011-08-29 2011-09-12 10.0 None Remote Low Not required Complete Complete Complete Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary Total number of vulnerabilities : 1401 Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 References:Google: #0563c1">https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html   CVE: #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5181 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5182 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5183 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5184 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5185 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5186 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5187 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5188 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5189 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5190 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5191 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5192 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5193 #0563c1">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5194 Office of Information Technology Services Other InformationSitemapContact UsPrivacy PolicyDisclaimerAccessibilityEmployment OpportunitiesFreedom of Information Law Cve-2015-6792

Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Googler Product Date Reference Description More info Ian Beer Apple 5/16/2016 CVE-2016-1846, CVE-2016-1823, CVE-2016-1821, CVE-2016-1819, CVE-2016-1813, CVE-2016-1807, CVE-2016-1803, CVE-2016-1794, CVE-2016-1793 Priv Esc Sven Blumenstein Aruba Instant 5/4/2016 CVE-2016-2031 RCE, Auth bypass, This may allow a context-dependent attacker to disclose sensitive internal class information. (CVE-2016-5201) - A flaw exist in the 'DialRegistry::PruneExpiredDevices()' function in 'chrome/browser/extensions/api/dial/dial_registry.cc'. http://yeahimadork.com/google-chrome/google-chrome-not.php Buffer overrun Sean Burford, Michal Zalewski, Emilia Käsper, OpenSSL 3/19/2015 CVE-2015-0293, CVE-2015-0287, CVE-2015-0289 sigsegv DoS x2, memory corruption OpenSSL security advisory Jan Bee Aruba AirWave Management Platform 3/18/2015 CVE-2015-2202 RCE James

Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Firefox Cve Corr. 2015-09-03 2016-12-21 7.5 None Remote Low Not required Partial Partial Partial Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google http://www.google.com/chrome Insight- Error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files.

THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.

Impact Level: Application SolutionUpgrade to the Google Chrome 10.0.648.127 or later, For updates refer to http://www.google.com/chrome InsightThe flaws are due to - Not preventing 'navigation' and 'close' operations on the top Integ. Serna Microsoft Internet Explorer 7/26/2013 MSFT IE11 bug bounty Memory Corruption Microsoft bulletin Mateusz Jurczyk Microsoft Windows 7/9/2013 CVE-2013-3172 Memory Corruption Microsoft bulletin Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna Adobe Firefox Vulnerabilities ImpactSuccessful exploitation will let the attacker execute arbitrary JavaScript code and disclose the content of local files, memory corruption or CPU consumption and which may result in Denial of Service condition.

Serna Adobe Flash 3/28/2012 CVE-2012-0724, CVE-2012-0725 Memory Corruption Adobe bulletin Mateusz Jurczyk FreeType2 3/8/2012 CVE-2012-1126 up to CVE-2012-1144 Memory Corruption Link Abhishek Arya, Adam Klein, Cris Neckar, Dave Levin, Lei Zhang, ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below. click site Impact Level : Application SolutionUpgrade to Google Chrome 0.2.149.29 or later.

Google Chrome is a web browser used to access the Internet. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of these ImpactSuccessful exploitation could allow attackers to cause denial-of-service.