
Google Chrome < 53.0.2785.113 Multiple Vulnerabilities

Medium

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 53.0.2785.113, and is affected by multiple vulnerabilities:

- A use-after-free error in 'bindings/modules/v8/V8BindingForModules.cpp' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144196)
- A use-after-free error exists in Blink related to window constructors being callable. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144197)
- An unspecified flaw may allow a context-dependent attacker to disclose potentially sensitive information in memory. No further details have been provided. (OSVDB 144198)
- A flaw is triggered when handling a specially crafted web page. This may allow a context-dependent attacker to load extension JavaScript resources, which they may leverage to perform unauthorized actions. (OSVDB 144199)
- A flaw exists in 'ui/cocoa/browser_window_controller_private.mm' that is triggered when in fullscreen mode. This may cause popups to not be properly suppressed. (OSVDB 144200)
- An unspecified flaw may allow a context-dependent attacker to have an unspecified high severity impact. No further details have been provided by the vendor. (OSVDB 144201)
- A flaw is triggered when handling IPC messages for dead routing IDs. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 144214)
- An unspecified flaw exists in 'content/child/blob_storage/blob_transport_controller.cc' related to improper shared memory mapping. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 144240)
- An unspecified flaw exists in the Safe Browsing feature that is triggered when validating URLs. This may allow a context-dependent attacker to bypass intended restrictions. (OSVDB 144684)
- An unspecified flaw may allow a context-dependent attacker to bypass SafeBrowsing. No further details have been provided. (OSVDB 144981)

Solution

Update the Chrome browser to 53.0.2785.113 or later.