Kaspersky LabKLA11035KLA11035 Multiple vulnerabilities in Google Chrome
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.226 Low
EPSS
Percentile
96.4%
Detect date:
06/05/2017
Severity:
High
Description:
Multiple serious vulnerabilities have been found in Google Chrome versions earlier than 59.0.3071.86. Malicious users can exploit these vulnerabilities possibly to cause a denial of service, execute arbitrary code, bypass security restrictions and obtain sensitive information.
Affected products:
Google Chrome versions earlier than 59.0.3071.86 (all branches)
Solution:
Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.
Download Google Chrome
Original advisories:
Stable Channel Update for Desktop
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2017-50876.8High
CVE-2017-50886.8High
CVE-2017-50894.3Warning
CVE-2017-50764.3Warning
CVE-2017-50776.8High
CVE-2017-50786.8High
CVE-2017-50794.3Warning
CVE-2017-50806.8High
CVE-2017-50812.1Warning
CVE-2017-50834.3Warning
CVE-2017-50864.3Warning
CVE-2017-50706.8High
CVE-2017-50716.8High
CVE-2017-50736.8High
CVE-2017-50745.4High
CVE-2017-50754.3Warning
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
References
chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5089
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Google-Chrome/
www.google.com/chrome/browser/desktop/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.226 Low
EPSS
Percentile
96.4%