Nessus plugin 700346.pasl (Tenable)

Google Chrome < 62.0.3202.62 Multiple Vulnerabilities

2018-08-23 00:00:00
Tenable
www.tenable.com

The version of Google Chrome installed on the remote host is prior to 62.0.3202.62, and is affected by multiple vulnerabilities:

  • A flaw exists in the ‘JSNativeContextSpecialization::ExtractReceiverMaps()’ function in ‘compiler/js-native-context-specialization.cc’ that is triggered when looking for root maps. This may allow a context-dependent attacker to potentially execute arbitrary code.
  • A use-after-free error exists in the CPDF_Document class that is triggered when parsing PDF documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
  • A flaw exists in the download observer class that is triggered when handling downloaded items. This may allow a context-dependent attacker to have an unspecified impact.
  • An out-of-bounds read flaw exists in the ‘TextRunHarfBuzz::GetClusterAt()’ function in ‘ui/gfx/render_text_harfbuzz.cc’ that is triggered when handling glyph maps. This may allow a context-dependent attacker to potentially disclose memory contents.
  • A flaw exists in the ‘AsmJs::InstantiateAsmWasm()’ function in ‘asmjs/asm-js.cc’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code.
  • A flaw exists in ‘devtools/front_end/inspector.html’ that is triggered when handling DevTools links. This may allow a context-dependent attacker to disclose referrer information.
  • An out-of-bounds read flaw exists related to the lcms fast floor function configuration. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
  • A use-after-free error exists in the content_shell component that is triggered when handling URLRequestContext object destruction. This may allow a context-dependent attacker to dereference already freed memory and have an unspecified impact.
  • A flaw exists in the ‘MarkupFormatter::AppendQuotedURLAttributeValue()’ function in ‘editing/serializers/MarkupFormatter.cpp’ related to transparent removal of certain white-space characters in certain contexts of HTML elements. This may allow a context-dependent attacker to conduct a mutation cross-site scripting (mXSS) attack.
  • A flaw exists that is triggered as it is possible for a renderer to send a ViewHostMsg_ShowValidationMessage request to display a form validation bubble over an omnibox. This may allow a context-dependent attacker to spoof web page contents.
  • A race condition exists in ‘frame_host/navigation_controller_impl.cc’ that is triggered when handling frame navigations. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.
  • An out-of-bounds access flaw exists that is triggered when handling trap handlers. This may allow a context-dependent attacker to potentially execute arbitrary code.
  • A flaw exists as it does not properly limit certain problematic characters (e.g. dot above, U+0307) after certain characters before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof an omnibox address.
  • An infinite loop condition exists in the ‘DoReplaceSubstringsAfterOffset()’ function template in ‘base/strings/string_util.cc’ that is triggered when handling specially crafted strings. This may allow a context-dependent attacker to cause the process to hang.
  • An out-of-bounds read flaw exists in the ‘nt::QueryRegValueSZ()’ function in ‘chrome_elf/nt_registry/nt_registry.cc’ that is triggered when handling registry keys that are not NULL terminated. This may allow a local attacker to disclose potentially sensitive memory contents.
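The condition this plugin reports on, an installed Chrome older than 62.0.3202.62, as an added Python example that is not Tenable's plugin code; the version components are compared numerically, since a plain string comparison misorders "62.0.3202.7" against "62.0.3202.62", and the host inventory is constructed.

```python
"""Version check for the advisory condition: installed Chrome < 62.0.3202.62.

Added example, not Tenable's plugin code. Chrome version strings are compared
numerically component by component; a plain string comparison gets this wrong
(e.g. "62.0.3202.7" > "62.0.3202.62" lexicographically).
"""
import re

FIXED_VERSION = "62.0.3202.62"   # fixed version named in the advisory


def parse_version(ver: str) -> tuple[int, ...]:
    """Split a dotted Chrome version into integer components.

    Trailing non-numeric text (e.g. a build tag) is ignored; missing
    components compare as zero, so "62.0" == "62.0.0.0".
    """
    m = re.match(r"^(\d+(?:\.\d+)*)", ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fix."""
    return compare_versions(installed, fixed) < 0


def audit(inventory: dict[str, str], fixed: str = FIXED_VERSION) -> list[str]:
    """Return hosts from a {host: chrome_version} inventory that need the update."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v, fixed))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "ws-01": "61.0.3163.100",
        "ws-02": "62.0.3202.62",
        "ws-03": "62.0.3202.7",   # string compare would wrongly call this "newer"
        "ws-04": "63.0.3239.84",
    }
    for host in audit(sample):
        print(f"{host}: Chrome {sample[host]} is older than {FIXED_VERSION}")
```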
Vendor    Product    Version    CPE
google    chrome     -          cpe:/a:google:chrome