CVE-2017-5111 Google Chrome Prior to 61.0.3163.79 Multiple Vulnerabilities

漏洞类别:Local

漏洞等级:

漏洞信息

Google Chrome is a web browser for multiple platforms developed by Google.

This Google Chrome update fixes the following vulnerabilities:
CVE-2017-5111: Use after free in PDFium.
CVE-2017-5112: Heap buffer overflow in WebGL.
CVE-2017-5113: Heap buffer overflow in Skia.
CVE-2017-5114: Memory lifecycle issue in PDFium.
CVE-2017-5115: Type confusion in V8.
CVE-2017-5116: Type confusion in V8.
CVE-2017-5117: Use of uninitialized value in Skia.
CVE-2017-5118: Bypass of Content Security Policy in Blink.
CVE-2017-5119: Use of uninitialized value in Skia.
CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.

Affected Versions : Google Chrome prior to 61.0.3163.79

漏洞危害

A remote user can bypass sandbox security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a domain.

解决方案

Customers are advised to upgrade to Google Chrome 61.0.3163.79 or a later version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Google Chrome: Windows

Google Chrome: MAC OS X

Leave a Reply