Lucene search

K
kasperskyKaspersky LabKLA11581
HistorySep 16, 2019 - 12:00 a.m.

KLA11581 Multiple vulnerabilities in Google Chrome

2019-09-1600:00:00
Kaspersky Lab
threats.kaspersky.com
71

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

59.7%

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Use-after-free vulnerability in IndexedDB can be exploited to execute arbitrary code;
  2. Use-after-free vulnerability in WebRTC can be exploited to execute arbitrary code;
  3. Use-after-free vulnerability in audio can be exploited to execute arbitrary code;
  4. Use-after-free vulnerability in V8 can be exploited to execute arbitrary code;
  5. Cross-origin size leak vulnerability in IndexedDB can be exploited to execute arbitrary code.

Original advisories

Stable Channel Update for Desktop

Related products

Google-Chrome

CVE list

CVE-2019-13694 high

CVE-2019-13695 high

CVE-2019-13693 high

CVE-2019-13697 warning

CVE-2019-13696 high

Solution

Update to the latest version

Google Chrome download page

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Google Chrome earlier than 77.0.3865.120

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

59.7%