CVE-2017-5057 Google Chrome Prior to 58.0.3029.81 Multiple Vulnerabilities

漏洞类别:Local

漏洞等级:

漏洞信息

Google Chrome is a web browser for multiple platforms developed by Google.

This Google Chrome update fixes the following vulnerabilities:
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A use-after-free memory error may occur in Print Preview [CVE-2017-5058].
A use-after-free memory error may occur in Chrome Apps [CVE-2017-5062].
A heap use-after-free memory error may occur in Print Preview [CVE-2017-5058].
A heap overflow may occur in Skia [CVE-2017-5063].
A use-after-free memory error may occur in Blink [CVE-2017-5064].
A type confusion error may occur in Blink [CVE-2017-5059].
A type confusion error may occur in PDFium [CVE-2017-5057].
A remote user can spoof URLs in Omnibox [CVE-2017-5060, CVE-2017-5061, CVE-2017-5067].
A remote user can bypass cross-origin restrictions in Blink [CVE-2017-5069].
A signature handing error may occur in Networking [CVE-2017-5066].
A user interface error may occur in Blink [CVE-2017-5065].

漏洞危害

A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

解决方案

Customers are advised to upgrade to Google Chrome 58.0.3029.81 or a later version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Google Chrome: Windows

Google Chrome: MAC OS X

0day

发表评论