Google Chrome < 59.0.3071.86 Multiple Vulnerabilities

Severity: High, Nessus Network Monitor Plugin ID 700131

Synopsis

The remote host is utilizing a web browser that is affected by an unspecified attack vector.

Description

The version of Google Chrome installed on the remote host is prior to 59.0.3071.86, and is affected by multiple vulnerabilities:

- An unspecified type confusion flaw exists that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided.
- An out-of-bounds read flaw exists. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- An unspecified flaw exists in Omnibox that may allow a context-dependent attacker to spoof the address. No further details have been provided.
- A use-after-free error exists in print preview that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An unspecified flaw exists in CSP reporting that may allow a context-dependent attacker to disclose potentially sensitive information. No further details have been provided.
- An unspecified flaw exists in Omnibox that may allow a context-dependent attacker to spoof the address. No further details have been provided.
- An overflow condition exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- An unspecified flaw exists in its mailto handling functionality. This may allow a context-dependent attacker to potentially inject arbitrary commands.
- An unspecified flaw exists in Blink that may allow a context-dependent attacker to spoof the UI. No further details have been provided.
- A use-after-free error exists in credit card autofill that may allow a context-dependent attacker to dereference already freed memory and have an unspecified impact.
- An unspecified flaw exists that may allow a context-dependent attacker to bypass extension verification mechanisms. No further details have been provided.
- An unspecified flaw exists in the credit card editor view related to insufficient hardening, which may make it easier for a context-dependent attacker to disclose information related to credit cards.
- An unspecified flaw exists in Blink which may allow a context-dependent attacker to spoof the UI. No further details have been provided.
- A flaw exists on WebUI pages that is triggered as they improperly allow the execution of JavaScript. This may potentially allow a context-dependent attacker to execute JavaScript code.
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.

Solution

Update the Chrome browser to 59.0.3071.86 or later.

See Also

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

Plugin Details

Severity: High

ID: 700131

Family: Web Clients

Published: 6/7/2017

Updated: 3/6/2019

Nessus ID: 100680

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 6/5/2017

Vulnerability Publication Date: 6/5/2017

Reference Information

CVE: CVE-2017-5070

BID: 98861