-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0037
      Multiple vulnerabilities have been identified for Google Chrome
                              25 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Privileged Data          -- Existing Account            
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6054 CVE-2018-6053 CVE-2018-6052
                      CVE-2018-6051 CVE-2018-6050 CVE-2018-6049
                      CVE-2018-6048 CVE-2018-6047 CVE-2018-6046
                      CVE-2018-6045 CVE-2018-6043 CVE-2018-6042
                      CVE-2018-6041 CVE-2018-6040 CVE-2018-6039
                      CVE-2018-6038 CVE-2018-6037 CVE-2018-6036
                      CVE-2018-6035 CVE-2018-6034 CVE-2018-6033
                      CVE-2018-6032 CVE-2018-6031 CVE-2017-15420
Member content until: Saturday, February 24 2018

OVERVIEW

        Multiple vulnerabilities have been identified in Google Chrome prior
        to version 64.0.3282.119. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "[$3000][780450] High CVE-2018-6031: Use after free in PDFium. 
        Reported by Anonymous on 2017-11-01
        
        [$2000][787103] High CVE-2018-6032: Same origin bypass in Shared 
        Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
        
        [$1000][793620] High CVE-2018-6033: Race when opening downloaded 
        files. Reported by Juho Nurminen on 2017-12-09
        
        [$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink. 
        Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
        
        [$2500][797500] Medium CVE-2018-6035: Insufficient isolation of 
        devtools from extensions. Reported by Rob Wu on 2017-12-23
        
        [$2000][789952] Medium CVE-2018-6036: Integer underflow in 
        WebAssembly. Reported by The UK's National Cyber Security Centre 
        (NCSC) on 2017-11-30
        
        [$1000][753645] Medium CVE-2018-6037: Insufficient user gesture 
        requirements in autofill. Reported by Paul Stone of Context 
        Information Security on 2017-08-09
        
        [$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL.
        Reported by cloudfuzzer on 2017-10-12
        
        [$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by 
        Juho Nurminen on 2017-10-17
        
        [$1000][778658] Medium CVE-2018-6040: Content security policy 
        bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
        
        [$500][760342] Medium CVE-2018-6041: URL spoof in Navigation. 
        Reported by Luan Herrera on 2017-08-29
        
        [$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported
        by Khalil Zhani on 2017-10-12
        
        [$500][785809] Medium CVE-2018-6043: Insufficient escaping with 
        external URL handlers. Reported by 0x09AL on 2017-11-16
        
        [$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of 
        devtools from extensions. Reported by Rob Wu on 2017-12-23
        
        [$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of 
        devtools from extensions. Reported by Rob Wu on 2017-12-31
        
        [$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL.
        Reported by Masato Kinugawa on 2018-01-08
        
        [$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink. 
        Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
        
        [$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported
        by Drew Springall (@_aaspring_) on 2017-10-05
        
        [$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported
        by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
        
        [$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by
        Jonathan Kew on 2017-10-15
        
        [$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. 
        Reported by Antonio Sanso (@asanso) on 2014-12-11
        
        [$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy 
        implementation. Reported by Tanner Emek on 2016-05-28
        
        [$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab
        Page. Reported by Asset Kabdenov on 2017-08-23
        
        [$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported
        by Rob Wu on 2017-12-24" [1]
        
        "As usual, our ongoing internal security work was responsible for a
        wide range of fixes:
        
        [805285] Various fixes from internal audits, fuzzing and other 
        initiatives
        
        This release contains additional mitigations against speculative 
        side-channel attack techniques." [1]


MITIGATION

        The vendor recommends users update to the latest version to address
        these issues. [1]


REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWmljsYx+lLeg9Ub1AQjZrxAAq0I0HzFYZDdpMBjkraI7KS9b0MmdfZQp
ZynrlPYrfv2ObaYPEl8W4p8+6VehID3wtGuKoiaG13WRwiE1Eb6/hlJZhjQpl1B4
vwBfH0qxQoXG9+ahN3zd2boUa6BqlisP7BAjVEvyi51hbletNb755KYKr1tyrg4p
DIYSV1KpxcghfSH3CUb1Y4rV0/t23OFSAsEhN/NQofmqHl4euo4YvS6iOnoNG9nL
Mg75iBQdDnvJjvozsSP2jMwgXhsmt5l5D0UDUDeUM1lcolkK8w8D2bSZo9/35f42
/5UehKsHfXTD1B9BsFFh0mT911vR5pYToSxMn0hHfZucXHGXqMZyqVSrc/Df2yJK
XQxnP8gElKf5e/JqM2eayGloq1z4JY8y3VMcig0DZ+5zT/Z8KYIERKhS/GJXbnDO
dNG71XRUaY6ceVJlq/cO46PF11qBTU/xoGF1TgvglqDdSSTw+6hJXTBCQlyNVq0I
ca71SU9uBLyfJ8Vv5wVPhtSDLrIyIfTvU/JlFgIs/A1pddHSPcsUEoB6jopJ3M/p
WMWzTWjJ8rDsbvovvY4CkkwMjHo+IDyLj3AS+m76XLqj/sbYJPQaeXWZoxs1532f
vhDGFrGCpG6PmtAN6e0Ni8+p/lN4sW1ijN0oAKl6SidEiOCaF633Ljk9i23fyQMl
LyseO4zs0uA=
=6kEV
-----END PGP SIGNATURE-----