Multiple vulnerabilities in Google Chrome versions prior to 62.0.3202.62 for Windows, Mac, and Linux could allow an unauthenticated, remote attacker to conduct a spoofing attack, access sensitive information, execute arbitrary code, or cause a denial of service (DoS) condition on a targeted system.
The Google Chrome Stable Channel Release includes 35 security fixes for the following vulnerabilities:
- UXSS with MHTML
- Heap overflow in Skia
- Use after free in PDFium
- Heap overflow in WebGL
- Use after free in WebAudio
- Incorrect stack manipulation in WebAssembly
- Heap overflow in libxml2
- Out of bounds write in Skia
- UI spoofing in Blink
- Content security bypass
- Out of bounds read in Skia
- URL spoofing in OmniBox
- Extension limitation bypass in Extensions
- Incorrect registry key handling in PlatformIntegration
- Referrer leak in Devtools
- URL spoofing in extensions UI
- Null pointer dereference in ImageCapture
The release also includes various fixes from internal audits, fuzz testing, and other initiatives from Google's Security Team.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to monitor affected systems.
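To support the update and monitoring advice above, the following added example (not part of the original advisory) triages an inventory of reported browser version strings against the fixed release 62.0.3202.62. The host names and version strings are constructed sample data, and the input format (free text containing a four-part version) is an assumption.

```python
import re

# Fixed release named in the advisory: builds before this are affected.
FIXED = (62, 0, 3202, 62)

# Chrome/Chromium versions are four dot-separated integers.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if older than FIXED, False if not, None if no version was found."""
    version = parse_version(text)
    if version is None:
        return None  # unknown: report for manual follow-up, do not assume patched
    # Tuple comparison is numeric per component, so 62.0.3202.9 < 62.0.3202.62.
    return version < FIXED


def triage(inventory):
    """Split (host, version_string) pairs into affected, patched and unknown."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, reported in inventory:
        state = is_affected(reported)
        key = "unknown" if state is None else ("affected" if state else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 61.0.3163.100"),
    ("ws-002", "Google Chrome 62.0.3202.62"),
    ("ws-003", "Chromium 62.0.3202.9 Built on Ubuntu"),
    ("ws-004", "Google Chrome 9.0.597.98"),
    ("ws-005", "not installed"),
    ("ws-006", "Google Chrome 62.0.3202.75 beta"),
]

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts ws-003 and ws-004 are the cases a plain string comparison would misclassify as patched; hosts in the unknown group need a manual check.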
Google has released a stable channel update at the following link: Google Stable Channel Update
Google has released software updates at the following link: Download Google Chrome
FreeBSD has released a VuXML document at the following link: chromium -- multiple vulnerabilities
FreeBSD has released ports collection updates at the following link: Ports Collection Index
Red Hat has released official CVE statements and a security advisory for multiple bugs at the following link: RHSA-2017-2997
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later by using the yum