
Google Chrome < 51.0.2704.63 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 51.0.2704.63, and is affected by multiple vulnerabilities:

- Multiple unspecified flaws exist in extension bindings that allow a remote attacker to bypass the same-origin policy. No other details are available. (OSVDB 139022, OSVDB 139026)
- Multiple unspecified flaws exist in 'Blink' that allow a remote attacker to bypass the same-origin policy. No other details are available. (OSVDB 139023, OSVDB 139025)
- An unspecified flaw exists in 'Extensions' that allows a remote attacker to bypass the same-origin policy. No other details are available. (OSVDB 139024)
- An unspecified type confusion error exists in V8 decodeURI that allows a remote attacker to disclose potentially sensitive information. (OSVDB 139040)
- A heap buffer overflow condition exists in V8 due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (OSVDB 139027)
- A heap use-after-free error exists in V8 bindings that allows a remote attacker to dereference already freed memory and execute arbitrary code. (OSVDB 139028)
- A heap use-after-free error exists in Google Skia that allows a remote attacker to dereference already freed memory and execute arbitrary code. (OSVDB 139029)
- A buffer overflow condition exists in OpenJPEG in the 'opj_j2k_read_SPCod_SPCoc()' function within file 'j2k.c' due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (OSVDB 138796)
- An unspecified flaw exists in 'ServiceWorker' that allows a remote attacker to bypass the Content Security Policy (CSP). No other details are available. (OSVDB 139030)
- An unspecified out-of-bounds access error exists in libxslt that allows a remote attacker to have an unspecified impact. (OSVDB 139031)
- An integer overflow condition exists in libxslt that allows a remote attacker to have an unspecified impact. (OSVDB 139032)
- Multiple out-of-bounds read errors exist in PDFium that allow a remote attacker to cause a denial of service condition or disclose potentially sensitive information. (OSVDB 139043, OSVDB 139042)
- An unspecified flaw exists in Extensions that allows a remote attacker to disclose potentially sensitive information. No other details are available. (OSVDB 139033)
- An out-of-bounds read error exists in V8 that allows a remote attacker to cause a denial of service condition or disclose potentially sensitive information. (OSVDB 139041)
- A heap buffer overflow condition exists in Media due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (OSVDB 139034)
- A heap use-after-free error exists in Autofill that allows a remote attacker to execute arbitrary code. (OSVDB 139035)
- A heap buffer overflow condition exists in Google Skia due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (OSVDB 139036)
- An unspecified flaw exists in 'ServiceWorker' that allows a remote attacker to carry out a limited bypass of the same-origin policy. No other details are available. (OSVDB 139037)
- A flaw exists due to the Software Removal Tool being downloaded over an HTTP connection. A man-in-the-middle attacker can exploit this to manipulate its contents. (OSVDB 139038)
- An unspecified flaw exists that is triggered when HTTP Public Key Pinning (HPKP) pins are removed when clearing the cache. No other details are available. (OSVDB 139039)
- Multiple unspecified issues exist that allow a remote attacker to execute arbitrary code. (OSVDB 139087)
- A use-after-free error exists in 'MailboxManagerImpl'. The issue is triggered when handling GPU commands. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 140064)

Solution

Update the Chrome browser to 51.0.2704.63 or later.