Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0296
Google Chrome 71 released
5 December 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-18359 CVE-2018-18358 CVE-2018-18357
CVE-2018-18356 CVE-2018-18355 CVE-2018-18354
CVE-2018-18353 CVE-2018-18352 CVE-2018-18351
CVE-2018-18350 CVE-2018-18349 CVE-2018-18348
CVE-2018-18347 CVE-2018-18346 CVE-2018-18345
CVE-2018-18344 CVE-2018-18343 CVE-2018-18342
CVE-2018-18341 CVE-2018-18340 CVE-2018-18339
CVE-2018-18338 CVE-2018-18337 CVE-2018-18336
CVE-2018-18335 CVE-2018-17481 CVE-2018-17480
Member content until: Friday, January 4 2019
OVERVIEW
Mutliple vulnerabilities have been addressed in Google Chrome for
Windows, Mac and Linux version 71.0.3578.80. [1]
IMPACT
Google has provided the following summary:
"[$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by
Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16
[$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by
Anonymous on 2018-11-04
[$5000][895362] High CVE-2018-18335: Heap buffer overflow in Skia. Reported by
Anonymous on 2018-10-15
[$5000][898531] High CVE-2018-18336: Use after free in PDFium. Reported by
Huyna at Viettel Cyber Security on 2018-10-24
[$3000][886753] High CVE-2018-18337: Use after free in Blink. Reported by
cloudfuzzer on 2018-09-19
[$3000][890576] High CVE-2018-18338: Heap buffer overflow in Canvas. Reported
by Zhe Jin & Luyao Liu from Chengdu Security Response Center of
Qihoo 360 Technology Co. Ltd on 2018-09-29
[$3000][891187] High CVE-2018-18339: Use after free in WebAudio. Reported by
cloudfuzzer on 2018-10-02
[$3000][896736] High CVE-2018-18340: Use after free in MediaRecorder. Reported
by Anonymous on 2018-10-18
[$3000][901030] High CVE-2018-18341: Heap buffer overflow in Blink. Reported by
cloudfuzzer on 2018-11-01
[$3000][906313] High CVE-2018-18342: Out of bounds write in V8. Reported by
Guang Gong of Alpha Team, Qihoo 360 on 2018-11-17
[$1000][882423] High CVE-2018-18343: Use after free in Skia. Reported by Tran
Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-10
[$TBD][866426] High CVE-2018-18344: Inappropriate implementation in Extensions.
Reported by Jann Horn of Google Project Zero on 2018-07-23
[$TBD][900910] High To be allocated: Multiple issues in SQLite via WebSQL.
Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01
[$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site
Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19
[$2000][606104] Medium CVE-2018-18346: Incorrect security UI in Blink. Reported
by Luan Herrera (@lbherrera_) on 2016-04-23
[$2000][850824] Medium CVE-2018-18347: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-06-08
[$2000][881659] Medium CVE-2018-18348: Inappropriate implementation in Omnibox.
Reported by Ahmed Elsobky (@0xsobky) on 2018-09-07
[$2000][894399] Medium CVE-2018-18349: Insufficient policy enforcement in
Blink. Reported by David Erceg on 2018-10-11
[$1000][799747] Medium CVE-2018-18350: Insufficient policy enforcement in
Blink. Reported by Jun Kokatsu (@shhnjk) on 2018-01-06
[$1000][833847] Medium CVE-2018-18351: Insufficient policy enforcement in
Navigation. Reported by Jun Kokatsu (@shhnjk) on 2018-04-17
[$1000][849942] Medium CVE-2018-18352: Inappropriate implementation in Media.
Reported by Jun Kokatsu (@shhnjk) on 2018-06-06
[$1000][884179] Medium CVE-2018-18353: Inappropriate implementation in Network
Authentication. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab
on 2018-09-14
[$1000][889459] Medium CVE-2018-18354: Insufficient data validation in Shell
Integration. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on
2018-09-26
[$500][896717] Medium CVE-2018-18355: Insufficient policy enforcement in URL
Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
[$TBD][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran
Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
[$TBD][895207] Medium CVE-2018-18357: Insufficient policy enforcement in URL
Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-15
[$TBD][899126] Medium CVE-2018-18358: Insufficient policy enforcement in Proxy.
Reported by Jann Horn of Google Project Zero on 2018-10-26
[$TBD][907714] Medium CVE-2018-18359: Out of bounds read in V8. Reported by
cyrilliu of Tencent Zhanlu Lab on 2018-11-22
[$500][851821] Low To be allocated: Inappropriate implementation in PDFium.
Reported by Salem Faisal Elmrayed on 2018-06-12
[$500][856135] Low To be allocated: Use after free in Extensions. Reported by
Zhe Jin & Luyao Liu from Chengdu Security Response Center of
Qihoo 360 Technology Co. Ltd on 2018-06-25
[$500][879965] Low To be allocated: Inappropriate implementation in Navigation.
Reported by Luan Herrera (@lbherrera_) on 2018-09-03
[$500][882270] Low To be allocated: Inappropriate implementation in Navigation.
Reported by Jesper van den Ende on 2018-09-09
[$500][890558] Low To be allocated: Insufficient policy enforcement in
Navigation. Reported by Ryan Pickren (ryanpickren.com) on 2018-09-29
[$TBD][895885] Low To be allocated: Insufficient policy enforcement in URL
Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-16
" [1]
MITIGATION
The vendor advises updating to Chrome 71.0.3578.80 to address these
issues. [1]
REFERENCES
[1] Chrome 71 Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXAdkBWaOgq3Tt24GAQhz6g/+PizfMqZWHGT1NB3Vg/Zj6lv2AzEuRFVK
NEqEZCrVbEwyKj1u7QcbCUuT21VGM61OExC96tixSYUnDL0uF3U1hMeu12uLdxs1
8nyGG8Kit5vVKW5JCgBrS0zEbme/0ZxK5GRVMzp3/ZXjojFigNSYLJxjSoStQyB8
IBSCYHK3KodJLGH3d3uEu92z9HTETehaEOiQcD5XxoPOuXM4Pk4CY9AwJ1Ko6k/r
Q/MiCqQVAKnofdK+IpNujuuDaOi70HSMy79Ym1czPoL0Tc9z05YSx5NGRQIJ5gxP
1sdcegz6keUBBif5/k76yrTOT2e5Jz02iucuDrFjccZc80F1N9E/szNAW83tif0P
opTdE3otOn0AEo2UOX3f7BZD6JQ4SDd7wSEYneAo50HtIbfdsG/wPwgbCZldROlh
a8o+aseGp3Hd0K9lL/iA5jva35TaG1qYHgrX0/gUbE+VyycYTrFgL0MwkE2JN1jF
bm/W2BXpHqmqU/qiDhxyo1Kf3MP8YrO8tzrE1SUoLDvce5rHp72UEXn5zqz5rMi0
bUxKfXWLZKz4Vv5qsBJO7jpYXxRZkXQeWbHZ3tN5rIyd7z5j7AunDvoaCDktQzuj
MNfd0DREJWT+FdY2h/5sfCWbDGNECCWiMTSJWjMrDeJE2srJYY7RuQIpKzdthtx1
Ojzi2+NtFDM=
=s1WG
-----END PGP SIGNATURE-----