
Google Chrome < 55.0.2883.75 Multiple Vulnerabilities

Critical

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 55.0.2883.75, and is affected by multiple vulnerabilities:

- A flaw exists in the 'TIFFFetchDirectory()' function in 'tif_dirread.c' related to use of uninitialized memory. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 145058)
- An unspecified out-of-bounds write flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 148065)
- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the 'V8EventListener::getListenerFunction()' function in 'bindings/core/v8/V8EventListener.cpp' allows running the 'handleEvent' getter on forbidden script. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 148066)
- A use-after-free error exists in the 'Document::removeField()' function in 'fpdfsdk/javascript/Document.cpp' that is triggered when handling the removal of fields within a document. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 148067)
- An unspecified use-after-free error exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 148068)
- An integer overflow condition exists in 'core/fpdfapi/page/cpdf_page.cpp' that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 148069)
- A use-after-free error exists in 'pdf/pdfium/pdfium_engine.cc' that is triggered when handling non-visible page unloading. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 148070)
- An out-of-bounds write flaw exists in the 'CWeightTable::GetPixelWeightSize()' function in 'core/fxge/dib/fx_dib_engine.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148071)
- A flaw exists that allows a UXSS attack. This flaw exists because the program permits frame swaps during frame detach. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 148072)
- A flaw exists in the DevTools component that is triggered as certain URLs are not properly validated. This may allow a context-dependent attacker to disclose the contents of arbitrary files. (OSVDB 148073)
- A flaw exists that allows a UXSS attack. The issue is triggered when handling triggered events during e.g. closing a color chooser for an input element. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 148074)
- A flaw exists that is triggered when handling 'chrome.tabs' API navigations and displaying the pending URL. This may allow a context-dependent attacker to spoof the omnibox address. (OSVDB 148075)
- A flaw exists in the 'NavigatorImpl::NavigateToEntry()' function in 'content/browser/frame_host/navigator_impl.cc' that is triggered when handling invalid URLs. This may allow a context-dependent attacker to spoof the omnibox address. (OSVDB 148076)
- A flaw exists that allows a UXSS attack. The issue is triggered when handling the 'use' SVG element and calling event listeners on a cloned node. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 148077)
- A flaw exists that is triggered when downloading files using e.g. data: URIs, unknown URL schemes, and overly long URLs. This may allow a context-dependent attacker to cause a file to be downloaded without the mark-of-the-web applied. (OSVDB 148078)
- A flaw exists in the 'HTMLFormElement::scheduleFormSubmission()' function in 'html/HTMLFormElement.cpp' that is triggered as form-action CSP (Content Security Policy) is not properly enforced. This may allow a context-dependent attacker to bypass intended restrictions. (OSVDB 148079)
- A flaw exists in the 'DocumentLoader::GetRequest()' function in 'pdf/document_loader.cc' that is triggered when handling redirects in the plugin. This may allow a context-dependent attacker to bypass the same-origin policy. (OSVDB 148080)
- An unspecified flaw exists related to the PDF helper extension using unvalidated data. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 148081)
- A flaw exists in 'ui/views/tabs/tab_strip.cc' that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when dropping JavaScript URLs on a tab. This may allow an attacker to execute arbitrary script code in the security context of the relevant tab. (OSVDB 148082)
- A use-after-free error exists in 'content/renderer/media/renderer_webaudiodevice_impl.cc' that is triggered when handling web audio. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 148083)
- A flaw exists related to denorm handling not being disabled before calling Skia filter code. This may allow a context-dependent attacker to bypass the same-origin policy. (OSVDB 148084)
- A flaw exists in the 'Range::createAdjustedToTreeScope()' function in 'dom/Range.cpp' that is triggered when improperly handling the shadow root at the end of the document tree. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 148086)
- A use-after-free error exists in 'layout/FloatingObjects.cpp' that is triggered during handling of floating objects when detaching subtrees. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148087)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 148088)
- An unspecified flaw exists that may allow a context-dependent attacker to disclose CSP referrers. No further details have been provided. (OSVDB 148104)
- An unspecified flaw exists related to its handling of 'file: navigation' that may allow a context-dependent attacker to disclose arbitrary files. No further details have been provided. (OSVDB 148105)
- An unspecified integer overflow condition exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 148106)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified, medium severity, impact. No further details have been provided by the vendor. (OSVDB 148110)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified, low severity, impact. No further details have been provided by the vendor. (OSVDB 148111)
- An unspecified use-after-free flaw exists in the inspector code that may allow an attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (OSVDB 148133, OSVDB 148134)
- An unspecified flaw exists in 'lookup.cc' related to unauthorized private property access that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (OSVDB 148135)
- A flaw exists in the 'It2Me host' plugin related to a missing confirmation dialog. This may allow a remote attacker to establish a connection without the user being able to accept or reject it. (OSVDB 148138)
- A double deletion flaw exists in 'device/battery/battery_monitor_impl.cc'. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 148139)
- A flaw exists in the 'PingLoader::sendLinkAuditPing()' function in 'loader/PingLoader.cpp', as the anchor HTML tag's 'ping' attribute is not covered by the 'connect-src' CSP directive. With a specially crafted web page, a context-dependent attacker can bypass the intended Content Security Policy (CSP). (OSVDB 148140)
- A flaw exists in the 'subdivide()' function in 'core/SkGeometry.cpp'. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 148142)

Solution

Update the Chrome browser to 55.0.2883.75 or later.
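
To confirm the update across a fleet, the version test this advisory implies can be run over a software inventory. The following is an added example, not the scanner's own plugin code; the host names and version strings are constructed. It compares versions numerically, because a plain string comparison misorders builds such as 55.0.2883.100 or 9.x against 55.0.2883.75.

```python
import re

# First fixed build, taken from the advisory's Solution section.
FIXED = (55, 0, 2883, 75)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 54.0.2840.99'; return None if none is present."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version is below FIXED, False if at or above it,
    None if no version could be parsed (must be checked by hand)."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    return version < FIXED  # tuple comparison is numeric, field by field


def triage(inventory):
    """Split a {host: version_string} mapping into sorted host lists."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, text in inventory.items():
        verdict = is_affected(text)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return {key: sorted(hosts) for key, hosts in result.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 54.0.2840.99",
    "ws-02": "55.0.2883.75",
    "ws-03": "Google Chrome 55.0.2883.100 (Official Build)",
    "ws-04": "Google Chrome 9.0.597.107",
    "ws-05": "version not reported",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown list did not report a parseable version and should not be counted as patched.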