cnvd-2019-01583
Vulnerability from cnvd
Title
Google Chrome Networking Disk Cache双重释放漏洞
Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Networking Disk Cache是其中的一个网络磁盘高速缓存组件。 Google Chrome 66.0.3359.106之前版本中的Networking Disk Cache存在双重释放漏洞。远程攻击者可借助特制的HTML页面利用该漏洞执行任意代码。
Severity
Patch Name
Google Chrome Networking Disk Cache双重释放漏洞的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Networking Disk Cache是其中的一个网络磁盘高速缓存组件。 Google Chrome 66.0.3359.106之前版本中的Networking Disk Cache存在双重释放漏洞。远程攻击者可借助特制的HTML页面利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

Reference
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://www.securityfocus.com/bid/103917
Impacted products
Name
Google Chrome <66.0.3359.106
Show details on source website

To clipboard 

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2018-6086",
        "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6086"
      },
      {
        "cveNumber": "103917"
      }
    ]
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Networking Disk Cache\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u78c1\u76d8\u9ad8\u901f\u7f13\u5b58\u7ec4\u4ef6\u3002\n\nGoogle Chrome 66.0.3359.106\u4e4b\u524d\u7248\u672c\u4e2d\u7684Networking Disk Cache\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ned Williamson,Rob Wu,ZhanJia Song,Jun Kokatsu,Natalie Silvanovich,Chris Rohlf,Abdulrahman Alqabandi (@qab),WenXu Wu of Tencent\u0027s Xuanwu Lab,xisigr of Tencent\u0027s Xuanwu Lab,Khalil Zhani,Lnyas Zhang,lokihardt,Dominik Weber,Wenxiang Qian (aka blastxiang) ,Jam",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-01583",
  "openTime": "2019-01-11",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002Networking Disk Cache\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u78c1\u76d8\u9ad8\u901f\u7f13\u5b58\u7ec4\u4ef6\u3002\r\n\r\nGoogle Chrome 66.0.3359.106\u4e4b\u524d\u7248\u672c\u4e2d\u7684Networking Disk Cache\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome Networking Disk Cache\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c66.0.3359.106"
  },
  "referenceLink": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html\r\nhttps://www.securityfocus.com/bid/103917",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-06",
  "title": "Google Chrome Networking Disk Cache\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.