Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0266
Chrome Stable Channel Update for Desktop 70.0.3538.67
18 October 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-17477 CVE-2018-17476 CVE-2018-17475
CVE-2018-17474 CVE-2018-17473 CVE-2018-17472
CVE-2018-17471 CVE-2018-17470 CVE-2018-17469
CVE-2018-17468 CVE-2018-17467 CVE-2018-17466
CVE-2018-17465 CVE-2018-17464 CVE-2018-17463
CVE-2018-17462 CVE-2018-5179
Member content until: Saturday, November 17 2018
OVERVIEW
Multiple vulnerabilities have been addressed in Google Chrome for
Windows, Mac and Linux version 70.0.3538.67 [1]
IMPACT
The vendor has provided the following summary:
"[$N/A][888926] High CVE-2018-17462: Sandbox escape in AppCache.
Reported by Ned Williamson and Niklas Baumstark working with Beyond
Security's SecuriTeam Secure Disclosure program on 2018-09-25
[$N/A][888923] High CVE-2018-17463: Remote code execution in V8.
Reported by Samuel Gross working with Beyond Security's SecuriTeam
Secure Disclosure program on 2018-09-25
[$3500][872189] High CVE to be assigned: Heap buffer overflow in
Little CMS in PDFium. Reported by Quang Nguyen (@quangnh89) of
Viettel Cyber Security on 2018-08-08
[$3000][887273] High CVE-2018-17464: URL spoof in Omnibox. Reported
by xisigr of Tencent's Xuanwu Lab on 2018-09-20
[$3000][870226] High CVE-2018-17465: Use after free in V8. Reported
by Lin Zuojian on 2018-08-02
[$1000][880906] High CVE-2018-17466: Memory corruption in Angle.
Reported by Omair on 2018-09-05
[$3000][844881] Medium CVE-2018-17467: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-05-19
[$2000][876822] Medium CVE-2018-17468: Cross-origin URL disclosure in
Blink. Reported by James Lee (@Windowsrcer) of Kryptos Logic on
2018-08-22
[$1000][880675] Medium CVE-2018-17469: Heap buffer overflow in
PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-09-05
[$1000][877874] Medium CVE-2018-17470: Memory corruption in GPU
Internals. Reported by Zhe Jin(??),Luyao Liu(???) from
Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on
2018-08-27
[$1000][873080] Medium CVE-2018-17471: Security UI occlusion in full
screen mode. Reported by Lnyas Zhang on 2018-08-10
[$1000][822518] Medium CVE-2018-17472: iframe sandbox escape on iOS.
Reported by Jun Kokatsu (@shhnjk) on 2018-03-16
[$500][882078] Medium CVE-2018-17473: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-09-08
[$500][843151] Medium CVE-2018-17474: Use after free in Blink.
Reported by Zhe Jin(??),Luyao Liu(???) from Chengdu Security
Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-15
[$500][852634] Low CVE-2018-17475: URL spoof in Omnibox. Reported by
Vladimir Metnew on 2018-06-14
[$500][812769] Low CVE-2018-17476: Security UI occlusion in full
screen mode. Reported by Khalil Zhani on 2018-02-15
[$500][805496] Low CVE-2018-5179: Lack of limits on update() in
ServiceWorker. Reported by Yannic Bonenberger on 2018-01-24
[$N/A][863703] Low CVE-2018-17477: UI spoof in Extensions. Reported
by Aaron Muir Hamilton <aaron@correspondwith.me> on 2018-07-14" [1]
MITIGATION
The vendor advises updating to Chrome 70.0.3538.67 to address these
issues. [1]
REFERENCES
[1] Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW8hAyWaOgq3Tt24GAQgHwA/8Do9ys7QhbolVbYXsU+vHQaVSFm7yTPpL
N8xLkk4YBjFK9u2H3MftDimBjIKR1/43HXE9E1+Hy+huHz6R5cMsyriZ4iLDdLpN
XNpsM9w/xoCCzKfLj7zoKGEOT5MnirDk2unasSR5G2yUB/6UTo3nfqz5tk/Y53IG
FYzelRZ1hJuhXRdYipGYgBWZW2fQMiq9xGHicX3SdVk1SBL4UNJQs1otztYjbBnY
C8O3d9glqbHO0sqdeXOqXmbiNgu9lVPOJqGilVtXVMsd7HSaviLCwj8+jGrW78At
/nfsj6FJzqrV32ZAT4xdpVDR5G0REsPVGDxMGXgeDO52Er8HHdsWER1OH1gCyNAd
izmyfuv8VE+Ikq7IvGN9KBgJJ+XT1f6y3Pxzfovo0CTIs8bD006hoRMDQw56nohH
X6Lh5Sr+WPpx1gB/EPWjg5YlkJZgvGhd4OdpqiEejhDldqj9xCUvuJHHAEXtb6Un
YypyP64uC1y6oeBAwOZXUbhxLSvD4ZqUmCWxxllAvdtuV43HEKdAZvO9F4uNCEyI
kmMEZ4vRWScOd8ZjK+mJljNxbUn09fT3mr7wtm2OLvW7JOzpH7cIxDsrl5ELdNZo
hjgayVSJ9c8EU6CTdLkvUmgzP5clhTQ3l00wSvXgpUyNe30JPR9sbE9Svv19wTRa
otyK2dXhhvM=
=RDNT
-----END PGP SIGNATURE-----