Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0037
Multiple vulnerabilities have been identified for Google Chrome
25 January 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: Windows
OS X
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Privileged Data -- Existing Account
Cross-site Scripting -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-6054 CVE-2018-6053 CVE-2018-6052
CVE-2018-6051 CVE-2018-6050 CVE-2018-6049
CVE-2018-6048 CVE-2018-6047 CVE-2018-6046
CVE-2018-6045 CVE-2018-6043 CVE-2018-6042
CVE-2018-6041 CVE-2018-6040 CVE-2018-6039
CVE-2018-6038 CVE-2018-6037 CVE-2018-6036
CVE-2018-6035 CVE-2018-6034 CVE-2018-6033
CVE-2018-6032 CVE-2018-6031 CVE-2017-15420
Member content until: Saturday, February 24 2018
OVERVIEW
Multiple vulnerabilities have been identified in Google Chrome prior
to version 64.0.3282.119. [1]
IMPACT
The vendor has provided the following details regarding the
vulnerabilities:
"[$3000][780450] High CVE-2018-6031: Use after free in PDFium.
Reported by Anonymous on 2017-11-01
[$2000][787103] High CVE-2018-6032: Same origin bypass in Shared
Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
[$1000][793620] High CVE-2018-6033: Race when opening downloaded
files. Reported by Juho Nurminen on 2017-12-09
[$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink.
Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
[$2500][797500] Medium CVE-2018-6035: Insufficient isolation of
devtools from extensions. Reported by Rob Wu on 2017-12-23
[$2000][789952] Medium CVE-2018-6036: Integer underflow in
WebAssembly. Reported by The UK's National Cyber Security Centre
(NCSC) on 2017-11-30
[$1000][753645] Medium CVE-2018-6037: Insufficient user gesture
requirements in autofill. Reported by Paul Stone of Context
Information Security on 2017-08-09
[$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL.
Reported by cloudfuzzer on 2017-10-12
[$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by
Juho Nurminen on 2017-10-17
[$1000][778658] Medium CVE-2018-6040: Content security policy
bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
[$500][760342] Medium CVE-2018-6041: URL spoof in Navigation.
Reported by Luan Herrera on 2017-08-29
[$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported
by Khalil Zhani on 2017-10-12
[$500][785809] Medium CVE-2018-6043: Insufficient escaping with
external URL handlers. Reported by 0x09AL on 2017-11-16
[$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of
devtools from extensions. Reported by Rob Wu on 2017-12-23
[$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of
devtools from extensions. Reported by Rob Wu on 2017-12-31
[$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL.
Reported by Masato Kinugawa on 2018-01-08
[$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink.
Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
[$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported
by Drew Springall (@_aaspring_) on 2017-10-05
[$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported
by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
[$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by
Jonathan Kew on 2017-10-15
[$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor.
Reported by Antonio Sanso (@asanso) on 2014-12-11
[$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy
implementation. Reported by Tanner Emek on 2016-05-28
[$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab
Page. Reported by Asset Kabdenov on 2017-08-23
[$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported
by Rob Wu on 2017-12-24" [1]
"As usual, our ongoing internal security work was responsible for a
wide range of fixes:
[805285] Various fixes from internal audits, fuzzing and other
initiatives
This release contains additional mitigations against speculative
side-channel attack techniques." [1]
MITIGATION
The vendor recommends users update to the latest version to address
these issues. [1]
REFERENCES
[1] Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWmljsYx+lLeg9Ub1AQjZrxAAq0I0HzFYZDdpMBjkraI7KS9b0MmdfZQp
ZynrlPYrfv2ObaYPEl8W4p8+6VehID3wtGuKoiaG13WRwiE1Eb6/hlJZhjQpl1B4
vwBfH0qxQoXG9+ahN3zd2boUa6BqlisP7BAjVEvyi51hbletNb755KYKr1tyrg4p
DIYSV1KpxcghfSH3CUb1Y4rV0/t23OFSAsEhN/NQofmqHl4euo4YvS6iOnoNG9nL
Mg75iBQdDnvJjvozsSP2jMwgXhsmt5l5D0UDUDeUM1lcolkK8w8D2bSZo9/35f42
/5UehKsHfXTD1B9BsFFh0mT911vR5pYToSxMn0hHfZucXHGXqMZyqVSrc/Df2yJK
XQxnP8gElKf5e/JqM2eayGloq1z4JY8y3VMcig0DZ+5zT/Z8KYIERKhS/GJXbnDO
dNG71XRUaY6ceVJlq/cO46PF11qBTU/xoGF1TgvglqDdSSTw+6hJXTBCQlyNVq0I
ca71SU9uBLyfJ8Vv5wVPhtSDLrIyIfTvU/JlFgIs/A1pddHSPcsUEoB6jopJ3M/p
WMWzTWjJ8rDsbvovvY4CkkwMjHo+IDyLj3AS+m76XLqj/sbYJPQaeXWZoxs1532f
vhDGFrGCpG6PmtAN6e0Ni8+p/lN4sW1ijN0oAKl6SidEiOCaF633Ljk9i23fyQMl
LyseO4zs0uA=
=6kEV
-----END PGP SIGNATURE-----