Google Chrome < 60.0.3112.78 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 60.0.3112.78. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists in IndexedDB due to
improper handling of cursors during transactions. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2017-5091)

- A use-after-free error exists in the PPAPI component
that allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2017-5092)

- An unspecified flaw exists in Blink that is triggered
when displaying JavaScript alerts in fullscreen mode. An
unauthenticated, remote attacker can exploit this to
spoof components in the user interface. (CVE-2017-5093)

- A type confusion error exists in the 'Extensions
Bindings' component that is triggered when passing event
filters. An unauthenticated, remote attacker can exploit
this to execute arbitrary code. (CVE-2017-5094)

- An overflow condition exists in PDFium due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition or the execution of arbitrary code.
(CVE-2017-5095)

- An unspecified flaw exists related to 'Android intents'
that allows an unauthenticated, remote attacker to
disclose sensitive user information. (CVE-2017-5096)

- An out-of-bounds read error exists in Skia due to
improper handling of verb arrays. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition or the execution of arbitrary code.
(CVE-2017-5097)

- A use-after-free error exists in Google V8 that allows
an unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-5098)

- An out-of-bounds write error exists in the PPAPI
component that allows an unauthenticated, remote
attacker to execute arbitrary code. (CVE-2017-5099)

- A use-after-free error exists in the 'Chrome Apps'
component that allows an unauthenticated, remote
attacker to have an unspecified impact. (CVE-2017-5100)

- Multiple unspecified flaws exist in the OmniBox
component that allow an unauthenticated, remote attacker
to spoof URLs in the address bar. (CVE-2017-5101,
CVE-2017-5105)

- Multiple uninitialized memory use flaws exist in Skia
that allow an unauthenticated, remote attacker to have
an unspecified impact. (CVE-2017-5102, CVE-2017-5103)

- Multiple unspecified flaws exist that allow an
unauthenticated, remote attacker to spoof components in
the user interface. (CVE-2017-5104, CVE-2017-5109)

- A flaw exists in OmniBox that is triggered when domain
names containing arbitrary Cyrillic letters are rendered
in the address bar. An unauthenticated, remote attacker
can exploit this, via a specially crafted domain name,
to spoof the URL in the address bar. (CVE-2017-5106)

- A flaw exists in the SVG filters component due to
improper handling of floating point multiplication. An
unauthenticated, remote attacker can exploit this, via a
timing attack, to extract sensitive user information.
(CVE-2017-5107)

- A type confusion error exists in Google V8 that allows
an unauthenticated, remote attacker to have an
unspecified impact. (CVE-2017-5108)

- An unspecified flaw exists in the Payments dialog that
allows an unauthenticated, remote attacker to spoof
components in the user interface. (CVE-2017-5110)

- A type confusion error exists in SQLite due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this to execute arbitrary
code. (CVE-2017-7000)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.
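
The version-only check described in the note above can be reproduced over a software inventory. The following is an added example, not Tenable's plugin code: the function names, host names and inventory contents are constructed for illustration, and only the fixed build 60.0.3112.78 comes from this advisory. It compares the four version components numerically, because a plain string comparison would misjudge builds such as 60.0.3112.100.

```python
import re

# Fixed build taken from the advisory text; everything else here is hypothetical.
FIXED = (60, 0, 3112, 78)
_VERSION_RE = re.compile(r"[0-9]+(?:\.[0-9]+){3}")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted four-part version."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(text, fixed=FIXED):
    """Classify a self-reported Chrome version as vulnerable, fixed or unknown."""
    version = parse_version(text)
    if version is None:
        # Unparseable data is flagged for review instead of being treated as safe.
        return "unknown"
    return "vulnerable" if version < fixed else "fixed"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> reported version string."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, reported in inventory.items():
        result[classify(reported)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "ws-01": "59.0.3071.115",
    "ws-02": "60.0.3112.78",
    "ws-03": "60.0.3112.100",      # sorts before .78 as a string, but is newer
    "ws-04": "60.0.3112.9",        # sorts after .78 as a string, but is older
    "ws-05": "",                   # version could not be collected
    "ws-06": "61.0.3163.79 beta",  # non-standard string, needs manual review
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Like the plugin, this trusts the version string the application reports, so hosts in the unknown group still need a direct check.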

See also :

http://www.nessus.org/u?36f62a15

Solution :

Upgrade to Google Chrome version 60.0.3112.78 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false