-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0124
      Multiple vulnerabilities have been identified in Google Chrome
                               26 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Linux variants
                      OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-7000 CVE-2017-5110 CVE-2017-5109
                      CVE-2017-5108 CVE-2017-5107 CVE-2017-5106
                      CVE-2017-5105 CVE-2017-5104 CVE-2017-5103
                      CVE-2017-5102 CVE-2017-5101 CVE-2017-5100
                      CVE-2017-5099 CVE-2017-5098 CVE-2017-5097
                      CVE-2017-5096 CVE-2017-5095 CVE-2017-5094
                      CVE-2017-5093 CVE-2017-5092 CVE-2017-5091
Member content until: Friday, August 25 2017

OVERVIEW

        40 vulnerabilities have been identified in Google Chrome prior to 
        version 60.0.3112.78 for Windows, Mac, and Linux. [1]


IMPACT

        Google has provided the following information concerning the 
        vulnerabilities:
        
        "This update includes 40 security fixes. Below, we highlight fixes 
        that were contributed by external researchers. Please see the Chrome
        Security Page for more information.
        
        [$10000][728887] High CVE-2017-5091: Use after free in IndexedDB. 
        Reported by Ned Williamson on 2017-06-02
        
        [$5000][733549] High CVE-2017-5092: Use after free in PPAPI. 
        Reported by Yu Zhou, Yuan Deng of Ant-financial Light-Year Security
        Lab on 2017-06-15
        
        [$3000][550017] High CVE-2017-5093: UI spoofing in Blink. Reported 
        by Luan Herrera on 2015-10-31
        
        [$1000][702946] High CVE-2017-5094: Type confusion in extensions. 
        Reported by Anonymous on 2017-03-19
        
        [$1000][732661] High CVE-2017-5095: Out-of-bounds write in PDFium. 
        Reported by Anonymous on 2017-06-13
        
        [$TBD][714442] High CVE-2017-5096: User information leak via Android
        intents. Reported by Takeshi Terada on 2017-04-23
        
        [$TBD][740789] High CVE-2017-5097: Out-of-bounds read in Skia. 
        Reported by Anonymous on 2017-07-11
        
        [$TBD][740803] High CVE-2017-5098: Use after free in V8. Reported by
        Jihoon Kim on 2017-07-11
        
        [$N/A][733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. 
        Reported by Yuan Deng, Yu Zhou of Ant-financial Light-Year Security
        Lab on 2017-06-15
        
        [$2000][718292] Medium CVE-2017-5100: Use after free in Chrome Apps.
        Reported by Anonymous on 2017-05-04
        
        [$1000][681740] Medium CVE-2017-5101: URL spoofing in OmniBox. 
        Reported by Luan Herrera on 2017-01-17
        
        [$1000][727678] Medium CVE-2017-5102: Uninitialized use in Skia. 
        Reported by Anonymous on 2017-05-30
        
        [$500][726199] Medium CVE-2017-5103: Uninitialized use in Skia. 
        Reported by Anonymous on 2017-05-25
        
        [$500][729105] Medium CVE-2017-5104: UI spoofing in browser. 
        Reported by Khalil Zhani on 2017-06-02
        
        [$N/A][742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. 
        Reported by Chaitin Security Research Lab (@ChaitinTech) working 
        with Trend Micro's Zero Day Initiative
        
        [$1000][729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported
        by Rayyan Bijoora on 2017-06-06
        
        [$TBD][714628] Medium CVE-2017-5106: URL spoofing in OmniBox. 
        Reported by Jack Zac on 2017-04-24
        
        [$N/A][686253] Low CVE-2017-5107: User information leak via SVG. 
        Reported by David Kohlbrenner of UC San Diego on 2017-01-27
        
        [$N/A][695830] Low CVE-2017-5108: Type confusion in PDFium. Reported
        by Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24
        
        [$N/A][710400] Low CVE-2017-5109: UI spoofing in browser. Reported 
        by José María Acuña Morgado on 2017-04-11
        
        [$N/A][717476] Low CVE-2017-5110: UI spoofing in payments dialog. 
        Reported by xisigr of Tencent's Xuanwu Lab on 2017-05-02
        
        We would also like to thank all security researchers that worked 
        with us during the development cycle to prevent security bugs from 
        ever reaching the stable channel.
        
        As usual, our ongoing internal security work was responsible for a 
        wide range of fixes:
        
        [748565] Various fixes from internal audits, fuzzing and other 
        initiatives
        
        Many of our security bugs are detected using AddressSanitizer, 
        MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,
        libFuzzer or AFL." [1]


MITIGATION

        Google advises users to upgrade to the latest version to fix these 
        issues. [1]


REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWXgnBox+lLeg9Ub1AQhFJQ/+Ogfz8tdamfCqLXGFhoJ0XPTTjmllaR85
9iO1htKwTtlm1B7SXljY7bovVpMfHf8KaTexgxmgy3EOOUg1l1MKGynr3ay252gt
wXTNTuL1rG/p5s9IDBw8IqD6MSiFFIZPAv/2ISenhWO5Khx316SvlAV/Kr4p6Ibh
2dNtiGYur+8Yiw9OkOZkoqdC/U+67yh+98k0Z/yObdlKDZnSf5H7ktD7zMiK/XTi
B+aY2IL+Y39VlCPW7lU3ufAcBnS+563qVtQa4lI5UiwVcdW4t93P1r4jwovCtEsP
vSSN/0F+wZAqHQfFqSNpZcXO5eRjG12JxpR/Y+6jtJ86XWBvczqGhPmE4OL5X9b5
goCsvKEFA/5MpVuPHqHpXfn0xsmgXLqYMvLaEUhP7rGTiUU2gN2EpDirh+6HrXFn
O9yu9VIrWSA5lHJUptTIGo3jRzmO14yaXnsGfby9X5nIMUNUfU/r4caKCClJeRP2
PITmoVjR0SvLvUS5xbgCOm4Q273Vi34ECYx8GJqWVbkrM8W2R8bZTlL8aGajHHP+
C4pqKVuF/p8QcCU9lPBL9610TeBiNpEdY0VaX/1N7dCpnnYaVqXo+yBADHlAQKOb
48M0NXBb/ZAWWhe1v2BfVrZZsRdcXzXQ+rC2+j0CANUKjiPhUVgsQIf72MBdvpDD
oU3tL8JC55g=
=eXz3
-----END PGP SIGNATURE-----