
Google Chrome < 52.0.2743.82 Multiple Vulnerabilities

Critical

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 52.0.2743.82 and is affected by multiple vulnerabilities:

- An out-of-bounds read flaw in the 'xmlParseEndTag2()' function in 'parser.c' is triggered when parsing an end tag. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 130651)
- An out-of-bounds read flaw in the 'xmlNextChar()' function in 'parserInternals.c' is triggered when parsing characters in an XML file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 130653)
- An overflow condition in the 'htmlParseName()' and 'htmlParseNameComplex()' functions of 'HTMLparser.c' is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 134833)
- An integer overflow condition in the 'xmlParse3986Port()' function in 'uri.c' is triggered as user-supplied input is not properly validated when handling port numbers in the URL. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 138921)
- An out-of-bounds under-read flaw in the 'xmlParseConditionalSections()' and 'xmlParseElementDecl()' functions in 'parser.c' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 138928)
- A format string flaw in multiple functionalities is triggered as string format specifiers (e.g. %s and %x) are not properly used. This may allow a context-dependent attacker to potentially execute arbitrary code or cause a denial of service in a process linked against the library. (OSVDB 138966)
- An out-of-bounds read flaw in the 'PairPosFormat1::sanitize()' function in 'hb-ot-layout-gpos-table.hh' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 141594)
- A flaw in 'PPAPI' is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. (OSVDB 141924)
- A flaw in 'web/web_state/ui/crw_web_controller.mm' is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (OSVDB 141925)
- A use-after-free error related to extensions may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 141926)
- An array indexing error in the 'ByteArray::Get()' function in 'data/byte_array.cc' is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 141927)
- A flaw in 'web/ChromeClientImpl.cpp' is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (OSVDB 141928)
- A flaw in 'core/loader/FrameLoader.cpp' is triggered when handling frame navigations during 'DocumentLoader' detach. This may allow a context-dependent attacker to bypass the same-origin policy. (OSVDB 141929)
- A use-after-free error in the 'previousLinePosition()' function in 'core/editing/VisibleUnits.cpp' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 141930)
- An unspecified flaw may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (OSVDB 141931)
- A flaw is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (OSVDB 141932)
- A flaw in the 'HistoryController::UpdateForCommit()' function in 'content/renderer/history_controller.cc' is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (OSVDB 141933)
- A use-after-free error in the 'xmlXPtrRangeToFunction()' function in 'libxml/src/xpointer.c' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 141934)
- A flaw related to 'Service Workers' is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (OSVDB 141935)
- A flaw related to proxy authentication is triggered when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (OSVDB 141936)
- A flaw is triggered as 'https://' URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (OSVDB 141937)
- A flaw exists in 'html/parser/HTMLPreloadScanner.cpp' related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (OSVDB 141938)
- A use-after-free error in 'extensions/renderer/user_script_injector.cc' is triggered when handling 'UserScript' pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. (OSVDB 141939)
- A flaw exists in the 'CSPSource::portMatches()' function in 'frame/csp/CSPSource.cpp' related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (OSVDB 1419340)
- A flaw in the 'LayoutBox::removeFloatingOrPositionedChildFromBlockLists()' function in 'core/layout/LayoutBox.cpp' is triggered when handling 'LayoutView' floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 141947)
- A flaw in the 'Resource::canUseCacheValidator()' function in 'core/fetch/Resource.cpp' is triggered when revalidating 'Resource' with redirects. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141948)
- A flaw in the 'Resource::willFollowRedirect()' function in 'core/fetch/Resource.cpp' is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141949)
- A flaw in 'net/url_request/sdch_dictionary_fetcher.cc' is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141950)
- A flaw in the 'ShapeResultSpacing::computeSpacing()' function in 'platform/fonts/shaping/ShapeResultSpacing.cpp' is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 141951)
- A flaw in the 'Channel::Message::Deserialize()' function in 'mojo/edk/system/channel.cc' is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 141952)
- An unspecified flaw in the 'Font::individualCharacterRanges()' function in 'platform/fonts/Font.cpp' may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141989)
- An out-of-bounds read flaw in the 'WebRtcIsacfix_PitchFilter()' and 'WebRtcIsacfix_PitchFilterGains()' functions in 'modules/audio_coding/codecs/isac/fix/source/pitch_filter.c' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 141990)
- A flaw exists in 'org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java' due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (OSVDB 141991)
- An integer overflow condition in the 'SkLinearGradient::LinearGradientContext::shade4_dx_clamp()' function in 'effects/gradients/SkLinearGradient.cpp' is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141992)
- An invalid read flaw in the 'setup_frame_size_with_refs()' function in 'vp9/decoder/vp9_decodeframe.c' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (OSVDB 141993)
- An unspecified flaw exists within 'extensions' that is triggered during the handling of 'NativeMessaging' IDs. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 141994)
- An out-of-bounds read flaw in the 'HTMLMenuItemElement::defaultEventHandler()' function in 'core/html/HTMLMenuItemElement.cpp' may allow a context-dependent attacker to potentially disclose memory contents. (OSVDB 141995)
- An unspecified flaw in 'core/SkDraw.cpp' is triggered during the handling of unusual coordinates on text drawings. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 142038)
- An unspecified flaw in the 'PseudoTcp::parse()' function in 'p2p/base/pseudotcp.cc' is triggered during the handling of header sizes. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 142039)
- An unspecified flaw in the 'GURL::ReplaceComponents()' function in 'url/gurl.cc' is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 142040)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 142085)

Solution

Update the Chrome browser to 52.0.2743.82 or later.