漏洞类别:Local
漏洞等级: 
漏洞信息
Google Chrome is a web browser for multiple platforms developed by Google.
This Google Chrome update fixes the following vulnerabilities:
CVE-2017-5111: Use after free in PDFium.
CVE-2017-5112: Heap buffer overflow in WebGL.
CVE-2017-5113: Heap buffer overflow in Skia.
CVE-2017-5114: Memory lifecycle issue in PDFium.
CVE-2017-5115: Type confusion in V8.
CVE-2017-5116: Type confusion in V8.
CVE-2017-5117: Use of uninitialized value in Skia.
CVE-2017-5118: Bypass of Content Security Policy in Blink.
CVE-2017-5119: Use of uninitialized value in Skia.
CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
Affected Versions : Google Chrome prior to 61.0.3163.79
漏洞危害
A remote user can bypass sandbox security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a domain.
解决方案
Customers are advised to upgrade to Google Chrome 61.0.3163.79 or a later version.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论