Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 53.0.2785.89, and is affected by multiple vulnerabilities :

- An unspecified use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 143642) - An unspecified use-after-free error in 'Blink' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 143643) - An unspecified flaw exists in 'Extensions' that may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor. (OSVDB 143644) - A flaw in 'Blink' allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143645) - A flaw in 'Blink' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143646) - An unspecified flaw in 'Extensions' may allow a context-dependent attacker to bypass web accessible resources. No further details have been provided by the vendor. (OSVDB 143647) - A flaw exists related to honoring of the 'web_accessible_resources' extension manifest field used to restrict web pages from accessing Extension resources. This may allow a context-dependent attacker to bypass intended restrictions. (OSVDB 143648) - An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor. (OSVDB 143649) - A flaw in 'DevTools' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 143650) - A use-after-free error in 'Event Bindings' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 143651) - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 143652) - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 143653) - An unspecified use-after-destruction error in 'Blink' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 143654) - An unspecified flaw related to the usage of 'Save Page As' may allow a context-dependent attacker to conduct an SMB relay attack. No further details have been provided by the vendor. (OSVDB 143655) - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 143656) - An unspecified flaw in 'DevTools' may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor. (OSVDB 143657) - A type confusion flaw in the 'StylePropertySerializer' class in 'Blink' is triggered when a context-dependent attacker manipulates a document's elements. This may allow the attacker to disclose unspecified information which may be used in conjunction with other vulnerabilities to potentially execute arbitrary code. (OSVDB 143658) - An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor. (OSVDB 143659) - An unspecified issue may allow a context-dependent attacker to have an unspecified, medium severity, impact. No further details have been provided. (OSVDB 143688) - An unspecified flaw in 'svg/graphics/SVGImage.cpp' is triggered during the handling of timers. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 143718) - An unspecified flaw in the 'VTVideoDecodeAccelerator::ReusePictureBuffer()' function in 'media/gpu/vt_video_decode_accelerator_mac.cc' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 143720) - An unspecified flaw is triggered during the handling of blob storage files. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 143723) - An out-of-bounds read flaw in the 'GetWasmFunctionNameFromTable()' function in 'wasm/wasm-function-name-table.cc' may allow a context-dependent attacker to gain access to sensitive information in the memory. (OSVDB 143724) - A use-after-free error exists in the 'CJS_Timer::TimerProc()' function in 'fpdfsdk/javascript/JS_Object.cpp'. The issue may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 143726) - An unspecified flaw in the 'ResourceFetcher::determineRevalidationPolicy()' function in 'fetch/ResourceFetcher.cpp' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 143727) - An unspecified flaw in the Mac Omnibox is triggered during the handling of URLs. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 143737) - An unspecified flaw in the safe browsing feature may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 143744) - An unspecified flaw in the 'shouldUpdateLayoutByReattaching()' function in 'dom/Text.cpp' is triggered during the handling of layout trees related to first-letter pseudo elements. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 143746) - An unspecified high severity flaw may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 143747) - A flaw in the 'winding_mono_cubic()' and 'tangent_cubic()' functions in 'core/SkPath.cpp' may allow a context-dependent attacker to cause an assertion and crash a process linked against the library. (OSVDB 143752)

Solution

Update the Chrome browser to 53.0.2785.89 or later.