-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0292
                         Chrome for Android Update
                             21 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-17479  
Member content until: Friday, December 21 2018
Reference:            https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html

OVERVIEW

        The Chrome team has released an update which includes a security fix 
        for CVE-2018-17479. [1]


IMPACT

        CVE-2018-17479 is a high severity issue, causing a Use-after-free in 
        GPU. [1]


MITIGATION

        The vendor has advised that the 70.0.3538.110 update for Windows, 
        Mac, and Linux will roll out over the coming days/weeks. [1]


REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW/UI42aOgq3Tt24GAQgG2w/9F3cCqp5Kz15Mwul/8BqkJFoYrVeWCI9T
HG9VkiyUqJyTiaVMQDcEiuvsaeaTBPoaYQWRByhAp2LRv15ncWSEXX3mvJftoO3a
rgdUTbCE90YOrM33l/joMSLQ6/yeoz1qwuL5N0zAwLBRZndSAcZEfE/1FupEJUMk
+hER/7pZ0svykOr6e+v1MYyNwkdfLx76UbmSdOwDX9pt+41diPhYeC60jeDMHgml
2gfDM92uyw8HQ49KLonIjfJTmeSJGtoQoWuPuTttgkDjZ+FEFywDq4a/fra8hVaI
oO7WQSfW6JIHfonVJ9HrOd2Ohkv0hi9QKyQWSB+entUGY5JRgTvESbtvhobROh04
btm2vQEBiN1StsaP1LF0V71mv1JDpm86FlVjfFZu2XQC2LYBg1/Kt0AqCPVIrwds
zWiTVitvnOInqc/4VWJZ4xmqqQQDlyHvnoiXm8N0vsIsA//g4ETN1qZqXhdxIStj
5xjPH7lksuUq4o8lFtdWqwLujqym41QfuNFqQluUBu4C5AxwsQDq9JS72xCau0Fz
bOSKfSlZKMVy6NqnF8Wh6jI6v3s9i9LiKTDVkumEhn89DsYmaaTTWRV7X77NwNbD
Ipa38Hdqp/n7+G56TkujbU8W36kodwrbmMCwDCSs3QivKK+fBEP8+jtBsES7b8EX
JbLZU4VG8+M=
=kMBC
-----END PGP SIGNATURE-----