CVE-2018-4878: A malicious website could host a page with malicious content which if loaded by Chrome would cause it to access content past the end of the allocated buffer resulting in process crash. Google has assigned the following CVE identifiers for the issues fixed in this release. Details of the issues and CVSS scores can be found in the links.
CVE-2018-4857: A security flaw in Blink occurred when rendering malicious content could lead to unexpected behaviour or remote code execution.
CVE-2018-4858: An issue was discovered in PDFium. Malicious PDFium content could cause pdfium to crash when loaded.
CVE-2018-4859: An issue was discovered in the handling of saved password. Malicious code could be loaded as a saved password.
CVE-2018-4860: An issue was discovered in how the application handles redirects. Redirected requests can specify an unpatched target, resulting in information disclosure.
CVE-2018-4861: An issue was discovered in how the application handles redirects. Redirected requests can specify an unpatched target, resulting in information disclosure.
CVE-2018-4862: An issue was discovered in how the application handles redirects. Redirected requests can specify an unpatched target, resulting in information disclosure.
CVE-2018-4863: An issue was discovered in how the application handles redirects. Redirected requests
What to do if you are affected by CVE-2018-4858, CVE-2018-4857, CVE-2018-4859, or CVE-2018-4860
If you are affected by one of the vulnerabilities mentioned in the previous section, there is no need to take any action. The issues were fixed in the latest release, so your browser is safe. However, if you are unsure of whether this is causing a crash on your computer, please contact your IT department for more information.
Additional Changes in the Release
Chrome 70 includes changes to the following functionality:
- Added support for implementing Material Design in browser windows.
- Added support for CSS Keyframes animations.
- Added preliminary Chrome Web Store support.
Security Enhancements
The following fixes address the vulnerabilities in the release.
CVE-2018-4878: A malicious website could host a page with malicious content which if loaded by Chrome would cause it to access content past the end of the allocated buffer resulting in process crash. Google has assigned the following CVE identifiers for the issues fixed in this release. Details of the issues and CVSS scores can be found in the links.
CVE-2018-4857: A security flaw in Blink occurred when rendering malicious content could lead to unexpected behaviour or remote code execution.
CVE-2018-4858: An issue was discovered in PDFium. Malicious PDFium content could cause pdfium to crash when loaded.
CVE-2018-4859: An issue was discovered in the handling of saved password. Malicious code could be loaded as a saved password.
CVE-2018-4860: An issue was discovered in how the application handles redirects. Redirected requests can specify an unpatched target, resulting in information disclosure.
CVE-2018-4861: An issue was discovered in how the application handles redirects. Redirected requests can specify an unpatched target, resulting in information disclosure.
CVE-2018-4862: An issue was discovered in how the application handles redirects. Redirected requests
Timeline
Published on: 07/21/2022 23:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC