Google Chrome < 61.0.3163.79 Multiple Vulnerabilities (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote macOS or Mac OS X
host is prior to 61.0.3163.79. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists in PDFium. An unauthenticated, remote
attacker can exploit this to execute arbitrary code.
(CVE-2017-5111)

- A heap buffer overflow condition exists in WebGL that allows an
unauthenticated, remote attacker to execute arbitrary code.
(CVE-2017-5112)

- A heap buffer overflow condition exists in Skia that allows an
unauthenticated, remote attacker to execute arbitrary code.
(CVE-2017-5113)

- An unspecified memory lifecycle issue exists in PDFium that allows
an unauthenticated, remote attacker to have an unspecified impact.
(CVE-2017-5114)

- Unspecified type confusion errors exist in V8.
(CVE-2017-5115, CVE-2017-5116)

- Unspecified uninitialized value flaws exist in Skia that allow
an unauthenticated, remote attacker to have an unspecified impact.
(CVE-2017-5117, CVE-2017-5119)

- An unspecified security bypass vulnerability exists in Blink. An
unauthenticated, remote attacker can exploit this to bypass
content security policy. (CVE-2017-5118)

- An unspecified flaw allows HTTPS downgrade during redirection.
(CVE-2017-5120)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.
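
A version-only check of the kind described above, as an added example (not Tenable's plugin code). It assumes the self-reported version is the CFBundleShortVersionString value in Chrome's Info.plist; the plist content below is a constructed sample.

```python
import plistlib

FIXED = "61.0.3163.79"  # fixed release named in this advisory

# Constructed sample of a Chrome Info.plist, trimmed to the relevant keys.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.google.Chrome</string>
  <key>CFBundleShortVersionString</key><string>60.0.3112.113</string>
</dict></plist>"""


def parse_version(text):
    """Turn '61.0.3163.79' into (61, 0, 3163, 79); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unexpected Chrome version string: {text!r}")
    return tuple(int(p) for p in parts)


def reported_version(plist_bytes):
    """Read the self-reported version from Info.plist content (assumed key)."""
    info = plistlib.loads(plist_bytes)
    return info["CFBundleShortVersionString"]


def is_affected(version, fixed=FIXED):
    """True when version is older than the fixed release.

    Components are compared as integers: as plain strings,
    '61.0.3163.100' would sort before '61.0.3163.79'.
    """
    return parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    v = reported_version(SAMPLE_PLIST)
    print(v, "affected" if is_affected(v) else "not affected")
```

Because the result depends only on the version string, a host is reported according to what the installed bundle declares, not according to whether the flaws are reachable.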

See also :

http://www.nessus.org/u?67b28931

Solution :

Upgrade to Google Chrome version 61.0.3163.79 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
