Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 53.0.2785.113 Multiple Vulnerabilities

Medium

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 53.0.2785.113, and is affected by multiple vulnerabilities :

- A use-after-free error in 'bindings/modules/v8/V8BindingForModules.cpp' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144196) - A use-after-free error exists in Blink related to window constructors being callable. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144197) - An unspecified flaw may allow a context-dependent attacker to disclose potentially sensitive information in memory. No further details have been provided. (OSVDB 144198) - A flaw is triggered when handling a specially crafted web page. This may allow a context-dependent attacker to load extension JavaScript resources, which they may leverage to perform unauthorized actions. (OSVDB 144199) - A flaw exists in 'ui/cocoa/browser_window_controller_private.mm' that is triggered when in fullscreen mode. This may cause popups to not be properly suppressed. (OSVDB 144200) - An unspecified flaw may allow a context-dependent attacker to have an unspecified high severity impact. No further details have been provided by the vendor. (OSVDB 144201) - A flaw is triggered when handling IPC messages for dead routing IDs. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 144214) - An unspecified flaw exists in 'content/child/blob_storage/blob_transport_controller.cc' related to improper shared memory mapping. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 144240) - An unspecified flaw exists in the Safe Browsing feature that is triggered when validating URLs. This may allow a context-dependent attacker to bypass intended restrictions. (OSVDB 144684) - An unspecified flaw may allow a context-dependent attacker to bypass SafeBrowsing. No further details have been provided. (OSVDB 144981)

Solution

Update the Chrome browser to 53.0.2785.113 or later.