Google Chrome < 44.0.2403.89 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
prior to 44.0.2403.89. It is, therefore, affected by multiple
vulnerabilities :

- An uninitialized memory read flaw exists in ICU that an
attacker can exploit to have an unspecified impact.
(CVE-2015-1270)

- A heap buffer overflow condition exists in PDFium due to
improper validation of user-supplied input. An attacker
can exploit this to execute arbitrary code or cause a
denial of service. (CVE-2015-1271, CVE-2015-1273)

- A use-after-free memory error exists when the GPU
process is unexpectedly terminated. An attacker can
exploit this to have an unspecified impact.
(CVE-2015-1272)

- The settings for automatic downloading of files allow
EXE files to be auto-opened, which can result in the
execution of malicious code. (CVE-2015-1274)

- A universal cross-site scripting (UXSS) vulnerability
exists in Google Chrome for Android due to improper
validation of 'intent://' URLs. An attacker, using a
specially crafted request, can exploit this to execute
arbitrary script code. (CVE-2015-1275)

- A use-after-free memory error exists in IndexedDB that
can allow an attacker to execute arbitrary code.
(CVE-2015-1276)

- A denial of service vulnerability exists due to a
use-after-free memory error in the method
ui::AXTree::Unserialize. An attacker can exploit this to
cause a crash. (CVE-2015-1277)

- An unspecified flaw exists when handling PDF files that
allows an attacker to spoof URLs. (CVE-2015-1278)

- An integer overflow condition exists in the method
CJBig2_Image::expand() in file JBig2_Image.cpp due to
improper validation of user-supplied input. An attacker
can exploit this to cause a heap-based buffer overflow,
resulting in a denial of service or the execution of
arbitrary code. (CVE-2015-1279)

- A flaw exists in Google Skia due to improper validation
of user-supplied input, which an attacker can exploit to
corrupt memory or execute arbitrary code.
(CVE-2015-1280)

- An unspecified flaw exists that allows an attacker to
bypass the Content Security Policy. (CVE-2015-1281)

- A use-after-free memory error exists in PDFium in the
file javascript/Document.cpp. An attacker, using a
crafted file, can exploit this to execute arbitrary
code. (CVE-2015-1282)

- A heap buffer overflow condition exists in 'expat'.
No other information is available. (CVE-2015-1283)

- A use-after-free memory error exists in Blink that can
allow an attacker to execute arbitrary code.
(CVE-2015-1284)

- An unspecified flaw exists in the XSS auditor that
allows an attacker to gain access to sensitive
information. (CVE-2015-1285)

- A universal cross-site scripting (UXSS) vulnerability
exists in Blink due to improper validation of
unspecified input. An attacker, using a crafted request,
can exploit this to execute arbitrary script code.
(CVE-2015-1286)

- A flaw exists in WebKit related to the handling of
the quirks-mode exception for CSS MIME types, which
allows an attacker to bypass the cross-origin policy.
(CVE-2015-1287)

- A flaw exists in file spellcheck_hunspell_dictionary.cc,
related to the downloading of spellchecker dictionaries
over HTTP, which allows a man-in-the-middle to corrupt
the downloaded dictionaries. (CVE-2015-1288)

- Multiple vulnerabilities exist that were disclosed by
internal auditing, fuzzing, and other initiatives,
which can result in a denial of service, execution of
arbitrary code, or other moderate to severe impact.
(CVE-2015-1289)

See also :

http://www.nessus.org/u?50bc47d5

Solution :

Upgrade to Google Chrome 44.0.2403.89 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
