Google Chrome < 40.0.2214.111 Multiple Vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 40.0.2214.111. It is, therefore, affected by the following
vulnerabilities :

- Several use-after-free errors exist that allow arbitrary
code execution. (CVE-2015-0313, CVE-2015-0315,
CVE-2015-0320, CVE-2015-0322)

- Several memory corruption errors exist that allow
arbitrary code execution. (CVE-2015-0314,
CVE-2015-0316, CVE-2015-0318, CVE-2015-0321,
CVE-2015-0329, CVE-2015-0330)

- Several type confusion errors exist that allow
arbitrary code execution. (CVE-2015-0317, CVE-2015-0319)

- Several heap-based buffer-overflow errors exist that
allow arbitrary code execution. (CVE-2015-0323,
CVE-2015-0327)

- A buffer overflow error exists that allows arbitrary
code execution. (CVE-2015-0324)

- Several null pointer dereference errors exist that have
unspecified impacts. (CVE-2015-0325, CVE-2015-0326,
CVE-2015-0328)

- A use-after-free error exists within the processing of
invalid m3u8 playlists. A remote attacker, with a
specially crafted m3u8 playlist file, can force a
dangling pointer to be reused after it has been freed,
allowing the execution of arbitrary code.
(CVE-2015-0331)

- A use-after-free error exists related to the DOM
component. (CVE-2015-1209)

- A cross-origin bypass error exists related to the V8
JavaScript engine bindings. (CVE-2015-1210)

- A privilege escalation error exists related to service
workers. (CVE-2015-1211)

- Various, unspecified errors exist. (CVE-2015-1212)

See also :

http://www.nessus.org/u?9661eacd
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://www.zerodayinitiative.com/advisories/ZDI-15-047/

Solution :

Upgrade to Google Chrome 40.0.2214.111 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true