Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 54.0.2840.99 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 54.0.2840.99, and is affected by multiple vulnerabilities :

- An integer overflow condition exists in the 'mov_read_keys()' function in 'libavformat/mov.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-5199) - An out-of-bounds read flaw exists that is triggered when handling 'Math.sign'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-5200) - A flaw exists in the 'expose()' function in 'extensions/renderer/resources/utils.js'. This may allow a context-dependent attacker to disclose sensitive internal class information. (CVE-2016-5201) - A flaw exist in the 'DialRegistry::PruneExpiredDevices()' function in 'chrome/browser/extensions/api/dial/dial_registry.cc'. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-5202)

Solution

Update the Chrome browser to 54.0.2840.99 or later.