Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11338
HistoryOct 16, 2018 - 12:00 a.m.

KLA11338 Multiple vulnerabilities in Google Chrome

2018-10-1600:00:00
Kaspersky Lab
threats.kaspersky.com
583

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

Detect date:

10/16/2018

Severity:

High

Description:

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service and obtain sensitive information.

Affected products:

Google Chrome earlier than 70.0.3538.67

Solution:

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.
Google Chrome download page

Original advisories:

Stable Channel Update for Desktop

Impacts:

ACE

Related products:

Google Chrome

CVE-IDS:

CVE-2018-174626.8High
CVE-2018-174636.8High
CVE-2018-174644.3Warning
CVE-2018-174656.8High
CVE-2018-174666.8High
CVE-2018-174674.3Warning
CVE-2018-174684.3Warning
CVE-2018-174696.8High
CVE-2018-174704.3Warning
CVE-2018-174714.3Warning
CVE-2018-174726.8High
CVE-2018-174734.3Warning
CVE-2018-174746.8High
CVE-2018-174754.3Warning
CVE-2018-174764.3Warning
CVE-2018-51795.0Warning
CVE-2018-174774.3Warning

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 39
openvas 24
chrome 1
suse 4
debian 4
fedora 2
archlinux 1
osv 5
redhat 5
threatpost 1
gentoo 1
debiancve 17
prion 17
cve 17
redhatcve 17
attackerkb 1
ubuntucve 17
zdt 1
checkpoint_advisories 1
packetstorm 1
cisa_kev 1
veracode 1
rapid7blog 1
github 1
myhack58 1
oraclelinux 4
altlinux 2
mozilla 2
centos 4
amazon 1
ibm 1
kaspersky 1
slackware 1
mageia 1
googleprojectzero 1
nessus
nessus
openSUSE Security Update : Chromium (openSUSE-2019-712)
2019-03-27 00:00:00
openSUSE Security Update : Chromium (openSUSE-2018-1208)
2018-10-23 00:00:00
RHEL 6 : chromium-browser (RHSA-2018:3004)
2018-10-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3273-1)
2018-10-26 00:00:00
openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)
2018-10-25 00:00:00
Debian: Security Advisory (DSA-4330-1)
2018-11-01 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2018-10-16 00:00:00
suse
suse
Security update for Chromium (important)
2018-10-22 15:16:54
Security update for Chromium (important)
2018-10-24 21:09:13
Security update for chromium (important)
2018-11-21 00:11:39
debian
debian
[SECURITY] [DSA 4330-1] chromium-browser security update
2018-11-02 11:47:45
[SECURITY] [DSA 4330-1] chromium-browser security update
2018-11-02 11:47:45
[SECURITY] [DSA 4354-1] firefox-esr security update
2018-12-12 21:08:52
fedora
fedora
[SECURITY] Fedora 29 Update: chromium-70.0.3538.77-4.fc29
2018-11-23 02:32:21
[SECURITY] Fedora 28 Update: chromium-70.0.3538.110-1.fc28
2018-11-30 02:14:11
archlinux
archlinux
[ASA-201810-12] chromium: multiple issues
2018-10-17 00:00:00
osv
osv
chromium-browser - security update
2018-11-02 00:00:00
firefox-esr - security update
2018-12-13 00:00:00
firefox-esr - security update
2018-12-12 00:00:00
redhat
redhat
(RHSA-2018:3004) Important: chromium-browser security update
2018-10-24 20:52:49
(RHSA-2019:0159) Important: thunderbird security update
2019-01-24 21:47:18
(RHSA-2018:3831) Critical: firefox security update
2018-12-17 13:56:10
threatpost
threatpost
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
2018-10-17 14:04:48
gentoo
gentoo
Chromium: Multiple vulnerabilities
2018-11-23 00:00:00
debiancve
debiancve
CVE-2018-17472
2018-11-14 15:29:00
CVE-2018-17475
2018-11-14 15:29:00
CVE-2018-17465
2018-11-14 15:29:00
prion
prion
Hardcoded credentials
2018-11-14 15:29:00
Cross site scripting
2018-11-14 15:29:00
Design/Logic Flaw
2018-11-14 15:29:00
cve
cve
CVE-2018-17471
2018-11-14 15:29:00
CVE-2018-17468
2018-11-14 15:29:00
CVE-2018-17475
2018-11-14 15:29:00
redhatcve
redhatcve
CVE-2018-17477
2018-10-17 11:58:12
CVE-2018-17464
2019-10-10 04:07:07
CVE-2018-17465
2018-10-17 12:00:24
attackerkb
attackerkb
CVE-2018-17463
2018-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2018-17465
2018-11-14 00:00:00
CVE-2018-17463
2018-11-14 00:00:00
CVE-2018-17477
2018-11-14 00:00:00
zdt
zdt
Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit
2020-03-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome V8 Remote Code Execution (CVE-2018-17463)
2020-09-05 00:00:00
packetstorm
packetstorm
Google Chrome 67 / 68 / 69 Object.create Type Confusion
2020-03-05 00:00:00
cisa_kev
cisa_kev
Google Chromium V8 Remote Code Execution Vulnerability
2022-06-08 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 03:23:44
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-10-23 18:56:55
github
github
Getting RCE in Chrome with incorrect side effect in the JIT compiler
2023-09-26 15:00:54
myhack58
myhack58
In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net
2019-09-17 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2019-01-25 00:00:00
firefox security update
2018-12-18 00:00:00
thunderbird security update
2019-01-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 60.4.0-alt1
2018-12-24 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.4.0-alt1
2018-12-11 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 60.4 — Mozilla
2018-12-21 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.4 — Mozilla
2018-12-11 00:00:00
centos
centos
firefox security update
2018-12-21 19:07:59
thunderbird security update
2019-02-01 23:12:43
firefox security update
2018-12-21 19:08:51
amazon
amazon
Critical: thunderbird
2019-03-07 05:55:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-05-02 08:10:01
kaspersky
kaspersky
KLA11406 Multiple vulnerabilities in Mozilla Thunderbird
2018-12-21 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2018-12-12 04:59:01
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-12-16 00:29:48
googleprojectzero
googleprojectzero
JSC Exploits
2019-08-29 00:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for KLA11338
nessus39openvas24chrome1suse4debian4fedora2archlinux1osv5redhat5threatpost1gentoo1debiancve17prion17cve17redhatcve17attackerkb1ubuntucve17zdt1checkpoint_advisories1packetstorm1cisa_kev1veracode1rapid7blog1github1myhack581oraclelinux4altlinux2mozilla2centos4amazon1ibm1kaspersky1slackware1mageia1googleprojectzero1