Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0296 Google Chrome 71 released 5 December 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-18359 CVE-2018-18358 CVE-2018-18357 CVE-2018-18356 CVE-2018-18355 CVE-2018-18354 CVE-2018-18353 CVE-2018-18352 CVE-2018-18351 CVE-2018-18350 CVE-2018-18349 CVE-2018-18348 CVE-2018-18347 CVE-2018-18346 CVE-2018-18345 CVE-2018-18344 CVE-2018-18343 CVE-2018-18342 CVE-2018-18341 CVE-2018-18340 CVE-2018-18339 CVE-2018-18338 CVE-2018-18337 CVE-2018-18336 CVE-2018-18335 CVE-2018-17481 CVE-2018-17480 Member content until: Friday, January 4 2019 OVERVIEW Mutliple vulnerabilities have been addressed in Google Chrome for Windows, Mac and Linux version 71.0.3578.80. [1] IMPACT Google has provided the following summary: "[$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16 [$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous on 2018-11-04 [$5000][895362] High CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous on 2018-10-15 [$5000][898531] High CVE-2018-18336: Use after free in PDFium. Reported by Huyna at Viettel Cyber Security on 2018-10-24 [$3000][886753] High CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer on 2018-09-19 [$3000][890576] High CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin & Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-09-29 [$3000][891187] High CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer on 2018-10-02 [$3000][896736] High CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous on 2018-10-18 [$3000][901030] High CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer on 2018-11-01 [$3000][906313] High CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-11-17 [$1000][882423] High CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-10 [$TBD][866426] High CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn of Google Project Zero on 2018-07-23 [$TBD][900910] High To be allocated: Multiple issues in SQLite via WebSQL. Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01 [$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19 [$2000][606104] Medium CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera (@lbherrera_) on 2016-04-23 [$2000][850824] Medium CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-06-08 [$2000][881659] Medium CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky (@0xsobky) on 2018-09-07 [$2000][894399] Medium CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg on 2018-10-11 [$1000][799747] Medium CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu (@shhnjk) on 2018-01-06 [$1000][833847] Medium CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu (@shhnjk) on 2018-04-17 [$1000][849942] Medium CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu (@shhnjk) on 2018-06-06 [$1000][884179] Medium CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-14 [$1000][889459] Medium CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-26 [$500][896717] Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-18 [$TBD][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13 [$TBD][895207] Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-15 [$TBD][899126] Medium CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn of Google Project Zero on 2018-10-26 [$TBD][907714] Medium CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu of Tencent Zhanlu Lab on 2018-11-22 [$500][851821] Low To be allocated: Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed on 2018-06-12 [$500][856135] Low To be allocated: Use after free in Extensions. Reported by Zhe Jin & Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-06-25 [$500][879965] Low To be allocated: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-09-03 [$500][882270] Low To be allocated: Inappropriate implementation in Navigation. Reported by Jesper van den Ende on 2018-09-09 [$500][890558] Low To be allocated: Insufficient policy enforcement in Navigation. Reported by Ryan Pickren (ryanpickren.com) on 2018-09-29 [$TBD][895885] Low To be allocated: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-16 " [1] MITIGATION The vendor advises updating to Chrome 71.0.3578.80 to address these issues. [1] REFERENCES [1] Chrome 71 Stable Channel Update for Desktop https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXAdkBWaOgq3Tt24GAQhz6g/+PizfMqZWHGT1NB3Vg/Zj6lv2AzEuRFVK NEqEZCrVbEwyKj1u7QcbCUuT21VGM61OExC96tixSYUnDL0uF3U1hMeu12uLdxs1 8nyGG8Kit5vVKW5JCgBrS0zEbme/0ZxK5GRVMzp3/ZXjojFigNSYLJxjSoStQyB8 IBSCYHK3KodJLGH3d3uEu92z9HTETehaEOiQcD5XxoPOuXM4Pk4CY9AwJ1Ko6k/r Q/MiCqQVAKnofdK+IpNujuuDaOi70HSMy79Ym1czPoL0Tc9z05YSx5NGRQIJ5gxP 1sdcegz6keUBBif5/k76yrTOT2e5Jz02iucuDrFjccZc80F1N9E/szNAW83tif0P opTdE3otOn0AEo2UOX3f7BZD6JQ4SDd7wSEYneAo50HtIbfdsG/wPwgbCZldROlh a8o+aseGp3Hd0K9lL/iA5jva35TaG1qYHgrX0/gUbE+VyycYTrFgL0MwkE2JN1jF bm/W2BXpHqmqU/qiDhxyo1Kf3MP8YrO8tzrE1SUoLDvce5rHp72UEXn5zqz5rMi0 bUxKfXWLZKz4Vv5qsBJO7jpYXxRZkXQeWbHZ3tN5rIyd7z5j7AunDvoaCDktQzuj MNfd0DREJWT+FdY2h/5sfCWbDGNECCWiMTSJWjMrDeJE2srJYY7RuQIpKzdthtx1 Ojzi2+NtFDM= =s1WG -----END PGP SIGNATURE-----