Lucene search

Kaspersky LabKLA11132

HistoryNov 07, 2017 - 12:00 a.m.

KLA11132 Multiple vulnerabilities in Google Chrome

2017-11-0700:00:00

Kaspersky Lab

threats.kaspersky.com

107

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.2%

JSON

Detect date:

11/07/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service and to execute arbitrary code.

Affected products:

Google Chrome versions earlier than 62.0.3202.89

Solution:

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.
Download Google Chrome

Original advisories:

Stable Channel Update for Desktop

Impacts:

ACE

Related products:

Google Chrome

CVE-IDS:

CVE-2017-153987.5Critical
CVE-2017-153999.3Critical

Microsoft official advisories:

References

chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15398

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15399

portal.msrc.microsoft.com/en-us/security-guidance

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Google-Chrome/

www.google.com/chrome/browser/desktop/