
Google Chrome < 54.0.2840.59 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 54.0.2840.59, and is affected by multiple vulnerabilities:

- A use-after-free error in Internals may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 145564)
- An unspecified flaw may allow a context-dependent attacker to bypass schemes. No further details have been provided. (OSVDB 145565)
- An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided. (OSVDB 145566)
- A flaw in Bookmarks allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 145567)
- An unspecified flaw in Blink may allow a context-dependent attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. No further details have been provided. (OSVDB 145568)
- An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided. (OSVDB 145569)
- A flaw in Blink allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 145570)
- A use-after-free error in Blink may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided. (OSVDB 145572)
- An overflow condition exists in Blink. The issue is triggered as certain input is not properly validated. This may allow a context-dependent buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 145573)
- A flaw in the display of drop-down menus may allow a context-dependent attacker to disguise user interface elements and conduct spoofing attacks. (OSVDB 145575)
- An out-of-bounds read flaw exists in DevTools. This may allow a context-dependent attacker to potentially disclose memory contents. (OSVDB 145576)
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, high severity impact. No further details have been provided by the vendor. (OSVDB 145577)
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor. (OSVDB 145578)
- An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp' that may allow a context-dependent attacker to have an unspecified, high severity impact. (OSVDB 145580)
- An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp'. This may allow a context-dependent attacker to have an unspecified, medium severity impact. (OSVDB 145581)
- A flaw exists in the 'FrameView::layoutOrthogonalWritingModeRoots()' function in 'frame/FrameView.cpp'. The issue is triggered when handling orthogonal writing mode roots with floating siblings. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 145582)
- A flaw exists in 'ui/views/website_settings/permission_prompt_impl.cc'. The issue is triggered when handling permission bubbles, as the default action is to accept them. With a specially crafted website performing timing attacks, a context-dependent attacker can obtain unintended permissions. (OSVDB 145583)
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor. (OSVDB 145584)

Solution

Update the Chrome browser to 54.0.2840.59 or later.