icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Google Chrome < 52.0.2743.116 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 52.0.2743.116, and is affected by multiple vulnerabilities :

- An unspecified issue exists, which may allow a context-dependent attacker to have an unspecified high severity impact. No further details have been provided.(OSVDB 142525, OSVDB 142526) - An unspecified issue exists, which may allow a context-dependent attacker to have an unspecified medium severity impact. No further details have been provided.) - A flaw exists that is triggered during the handling of specially crafted images. This may allow a context-dependent attacker to bypass the same-origin policy.(OSVDB 142527) - A flaw exists that is triggered as nested message loops might access documents and not generate a notification. This may allow a context-dependent attacker to spoof the address bar. (OSVDB 142528) - An unspecified use-after-free error exists that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.(OSVDB 142529) - A flaw exists in the 'sanitizeRemoteFrontendUrl()' function in 'devtools/front_end/devtools.js' that is triggered by a failure to properly sanitize input parameters. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 142531) - A flaw exists in the 'loadScriptsPromise()' function in 'devtools/front_end/Runtime.js' that is triggered by a failure to properly sanitize input parameters. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 142532) - An overflow condition is triggered as user-supplied input is not properly validated when handling RTP packets. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 142533)

Solution

Update the Chrome browser to 52.0.2743.116 or later.