-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Multiple vulnerabilities have been identified in Google Chrome
10 March 2017
AusCERT Security Bulletin Summary
Product:           Google Chrome
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
CVE Names:         CVE-2017-5046 CVE-2017-5045 CVE-2017-5044
                   CVE-2017-5043 CVE-2017-5042 CVE-2017-5041
                   CVE-2017-5040 CVE-2017-5039 CVE-2017-5038
                   CVE-2017-5037 CVE-2017-5036 CVE-2017-5035
                   CVE-2017-5034 CVE-2017-5033 CVE-2017-5032
                   CVE-2017-5031 CVE-2017-5030 CVE-2017-5029
Member content until: Sunday, April 9 2017
Multiple vulnerabilities have been identified in Google Chrome prior
to version 57.0.2987.98 
The vendor has provided the following details regarding the
"This update includes 36 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the Chrome
Security Page for more information.
[$7500] High CVE-2017-5030: Memory corruption in V8. Credit
to Brendon Tiszka
[$5000] High CVE-2017-5031: Use after free in ANGLE. Credit
to Looben Yang
[$3000] High CVE-2017-5032: Out of bounds write in PDFium.
Credit to Ashfaq Ansari - Project Srishti
[$3000] High CVE-2017-5029: Integer overflow in libxslt.
Credit to Holger Fuhrmannek
[$3000] High CVE-2017-5034: Use after free in PDFium. Credit
to Ke Liu of Tencent's Xuanwu LAB
[$3000] High CVE-2017-5035: Incorrect security UI in
Omnibox. Credit to Enzo Aguado
[$3000] High CVE-2017-5036: Use after free in PDFium. Credit
[$1000] High CVE-2017-5037: Multiple out of bounds writes in
ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab
[$500] High CVE-2017-5039: Use after free in PDFium. Credit
[$2000] Medium CVE-2017-5040: Information disclosure in V8.
Credit to Choongwoo Han
[$1000] Medium CVE-2017-5041: Address spoofing in Omnibox.
Credit to Jordi Chancel
[$1000] Medium CVE-2017-5033: Bypass of Content Security
Policy in Blink. Credit to Nicolai Grødum
[$1000] Medium CVE-2017-5042: Incorrect handling of cookies
in Cast. Credit to Mike Ruddy
[$1000] Medium CVE-2017-5038: Use after free in GuestView.
Credit to Anonymous
[$1000] Medium CVE-2017-5043: Use after free in GuestView.
Credit to Anonymous
[$1000] Medium CVE-2017-5044: Heap overflow in Skia. Credit
to Kushal Arvind Shah of Fortinet's FortiGuard Labs
[$500] Medium CVE-2017-5045: Information disclosure in XSS
Auditor. Credit to Dhaval Kapil (vampire)
[$500] Medium CVE-2017-5046: Information disclosure in
Blink. Credit to Masato Kinugawa
We would also like to thank all security researchers that worked
with us during the development cycle to prevent security bugs from
ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a
wide range of fixes:
 Various fixes from internal audits, fuzzing and other
Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, Control Flow Integrity, or libFuzzer." 
The vendor advises users to upgrade to the latest version to fix
these issues. 
 Stable Channel Update for Desktop
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----