-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0210
       Multiple vulnerabilities have been addressed in Google Chrome
                             7 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-16088 CVE-2018-16087 CVE-2018-16086
                      CVE-2018-16085 CVE-2018-16084 CVE-2018-16083
                      CVE-2018-16082 CVE-2018-16081 CVE-2018-16080
                      CVE-2018-16079 CVE-2018-16078 CVE-2018-16077
                      CVE-2018-16076 CVE-2018-16075 CVE-2018-16074
                      CVE-2018-16073 CVE-2018-16072 CVE-2018-16071
                      CVE-2018-16070 CVE-2018-16069 CVE-2018-16068
                      CVE-2018-16067 CVE-2018-16066 CVE-2018-16065
Member content until: Sunday, October  7 2018

OVERVIEW

        Multiple vulnerabilities have been addressed in Google Chrome for
        Windows, Mac and Linux version 69.0.3497.8. [1]


IMPACT

        The vendor has provided the following summary:
        
        "This update includes 40 security fixes. Below, we highlight fixes that
        were contributed by external researchers. Please see the Chrome 
        Security Page for more information.
        
        [$5000][867776] High CVE-2018-16065: Out of bounds write in V8. 
        Reported by Brendon Tiszka on 2018-07-26
        
        [$3000][847570] High CVE-2018-16066: Out of bounds read in Blink.
        Reported by cloudfuzzer on 2018-05-29
        
        [$500][860522] High CVE-2018-16067: Out of bounds read in WebAudio. 
        Reported by Zhe Jin Luyao Liu from Chengdu Security Response Center
        of Qihoo 360 Technology Co. Ltd on 2018-07-05
        
        [N/A][877182] High CVE-2018-16068: Out of bounds write in Mojo. 
        Reported by Mark Brand of Google Project Zero on 2018-08-23
        
        [N/A][848238] High CVE-2018-16069: Out of bounds read in SwiftShader.
        Reported by Mark Brand of Google Project Zero on 2018-05-31
        
        [N/A][848716] High CVE-2018-16070: Integer overflow in Skia. 
        Reported by Ivan Fratric of Google Project Zero on 2018-06-01
        
        [N/A][855211] High CVE-2018-16071: Use after free in WebRTC. Reported
        by Natalie Silvanovich of Google Project Zero on 2018-06-21
        
        [$4000][864283] Medium CVE-2018-16072: Cross origin pixel leak in 
        Chrome's interaction with Android's MediaPlayer. Reported by Jun 
        Kokatsu (@shhnjk) on 2018-07-17
        
        [$3000][863069] Medium CVE-2018-16073: Site Isolation bypass after 
        tab restore. Reported by Jun Kokatsu (@shhnjk) on 2018-07-12
        
        [$3000][863623] Medium CVE-2018-16074: Site Isolation bypass using 
        Blob URLs. Reported by Jun Kokatsu (@shhnjk) on 2018-07-13
        
        [$2500][864932] Medium: Out of bounds read in Little-CMS. Reported 
        by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-07-18
        
        [$2000][788936] Medium CVE-2018-16075: Local file access in Blink.
        Reported by Pepe Vila (@cgvwzq) on 2017-11-27
        
        [$2000][867501] Medium CVE-2018-16076: Out of bounds read in PDFium.
        Reported by Aleksandar Nikolic of Cisco Talos on 2018-07-25
        
        [$2000][848123] Medium: Cross origin read. Reported by Luan Herrera
        (@lbherrera_) on 2018-05-31
        
        [848535] Low CVE-2018-16087: Multiple download restriction bypass.
        
        [848531] Low CVE-2018-16088: User gesture requirement bypass.
        
        [$1000][377995] Medium CVE-2018-16077: Content security policy 
        bypass in Blink. Reported by Manuel Caballero on 2014-05-27
        
        [$1000][858820] Medium CVE-2018-16078: Credit card information 
        leak in Autofill. Reported by Cailan Sacks on 2018-06-28
        
        [$500][723503] Medium CVE-2018-16079: URL spoof in permission 
        dialogs. Reported by Markus Vervier and Michele Orrù (antisnatchor)
        on 2017-05-17
        
        [$500][858929] Medium CVE-2018-16080: URL spoof in full screen mode.
        Reported by Khalil Zhani on 2018-06-29
        
        [N/A][666299] Medium CVE-2018-16081: Local file access in DevTools.
        Reported by Jann Horn of Google Project Zero on 2016-11-17
        
        [N/A][851398] Medium CVE-2018-16082: Stack buffer overflow in 
        SwiftShader. Reported by Omair on 2018-06-11
        
        [N/A][856823] Medium CVE-2018-16083: Out of bounds read in WebRTC. 
        Reported by Natalie Silvanovich of Google Project Zero on 2018-06-26
        
        [$1000][865202] Low CVE-2018-16084: User confirmation bypass in 
        external protocol handling. Reported by Jun Kokatsu (@shhnjk) on 
        2018-07-18
        
        [$500][844428] Low CVE-2018-16086: Script injection in New Tab Page. 
        Reported by Alexander Shutov (Dark Reader extension) on 2018-05-18
        
        [N/A][856578] Low CVE-2018-16085: Use after free in Memory 
        Instrumentation. Reported by Roman Kuksin of Yandex on 2018-06-26" [1]


MITIGATION

        The vendor advises updating to Chrome 69.0.3497.8 to address these
        issues. [1]


REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----