
Google Chrome < 57.0.2987.98 Multiple Vulnerabilities

Critical

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 57.0.2987.98, and is affected by multiple vulnerabilities:

- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified, high severity impact. No further details have been provided by the vendor. (OSVDB 153329)
- Integer overflow conditions exist in the 'TrackFragmentRun::Parse()' function in 'media/formats/mp4/box_definitions.cc' that are triggered when parsing track fragments in MP4 content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153332)
- A use-after-free condition exists that is triggered as GuestView objects inherit the prototypes from the global JS object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153334)
- A use-after-free error exists in 'guest_view_internal_custom_bindings.cc' that is triggered when handling the GuestViewContainer pointer during a GuestView attach operation. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153335)
- An unspecified flaw exists in the XSS auditor that may allow a context-dependent attacker to disclose information. No further details have been provided by the vendor. (OSVDB 153336)
- A flaw exists in the 'Document::initContentSecurityPolicy()' function in 'dom/Document.cpp' that is triggered as local schemes do not inherit the content security policy when using e.g. 'window.open()'. This may allow a context-dependent attacker to bypass the content security policy. (OSVDB 153337)
- A flaw exists in 'bindings/templates/interface_base.cpp.tmpl' that is triggered when handling author scripts interacting with 'Symbol.toPrimitive' properties of Location objects. This may allow a context-dependent attacker to disclose information. (OSVDB 153340)
- A flaw exists in the Omnibox address bar that may allow a context-dependent attacker to spoof an address. No further details have been provided by the vendor. (OSVDB 153341)
- An unspecified flaw exists in the Cast feature that is triggered when handling cookies. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153342)
- A flaw exists in the 'SVGInlineTextBoxPainter::shouldPaintSelection()' function in 'paint/SVGInlineTextBoxPainter.cpp' that is triggered when painting selections and rendering a mask, clip-path, pattern, or feImage. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153343)
- A flaw exists that is triggered as wrapper objects are shared across window contexts when handling InputDeviceCapabilities objects. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153344)
- A flaw exists in the 'DOMWindow' class in 'frame/DOMWindow.cpp' that is triggered as wrappers for external APIs are shared between window contexts. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153345)
- A use-after-free condition exists in the handling of ShaderDiskCache entries in 'gpu/ipc/host/shader_disk_cache.cc' that is triggered when deleting an entry before the backend has finished opening the entry. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153346)
- A flaw exists in 'layout/FloatingObjects.cpp' that is triggered when handling the 'shouldPaint' property in the 'FloatingObject' class. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153347)
- A flaw exists in a 'TraceInCollectionTrait' class template in 'TraceTraits.h' that is triggered when handling container sizes during HeapVectorBacking tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153348)
- A flaw exists in the 'NavigationControllerImpl::RendererDidNavigateToExistingPage()' function in 'navigation_controller_impl.cc' that is triggered when handling data from the renderer process. This may allow a context-dependent attacker to have an unspecified impact on the security UI. (OSVDB 153349)
- A race condition exists that is triggered as the 'PlayStateUpdateScope' destructor resolves promises synchronously inside a forbidden scope. This may allow a context-dependent attacker to execute script code in a forbidden scope. (OSVDB 153350)
- A flaw exists that is triggered when handling 'childBrowsingContexts' upon named window access. This may allow a context-dependent attacker to have an unspecified impact on the same-origin restriction. (OSVDB 153353)
- A flaw exists related to the sandbox Content Security Policy that is triggered when web content is being loaded. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153354)
- A flaw exists in the handling of timeout limits for foreign fetch events that are triggered by another service worker. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153386)

Solution

Update the Chrome browser to 57.0.2987.98 or later.
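
To confirm which hosts still need this update, the reported Chrome version must be compared component by component as integers, since a plain string comparison ranks 57.0.2987.133 below 57.0.2987.98. The following is an added example, not the scanner's own check; the host names and version banners are constructed sample data.

```python
import re

# First fixed build, taken from the advisory's Solution line.
FIXED = (57, 0, 2987, 98)

# Chrome versions are four dot-separated integers: major.minor.build.patch
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(text, fixed=FIXED):
    """True if the version is below the fixed build, False if not, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None  # do not guess: surface the host for manual review
    return version < fixed  # tuple comparison is numeric, left to right


def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' from its version banner."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


# Constructed inventory (hypothetical host names and collected banners).
SAMPLE = {
    "ws-01": "Google Chrome 56.0.2924.87",
    "ws-02": "Google Chrome 57.0.2987.98",
    "ws-03": "Google Chrome 57.0.2987.133",  # string compare would misjudge this one
    "ws-04": "Google Chrome 57.0.2987.9",
    "ws-05": "chrome: not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```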