Google Chrome < 45.0.2454.85 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 45.0.2454.85. It is, therefore, affected by multiple
vulnerabilities :

- A cross-origin bypass vulnerability exists due to a flaw
in the ContainerNode::parserRemoveChild() function in
ContainerNode.cpp wherein user scripts may unexpectedly
run in 'onunload' handlers during Document Object Model
(DOM) modification. A remote attacker can exploit this,
via a specially crafted web page, to bypass cross-origin
restrictions. (CVE-2015-1291)

- A cross-origin bypass vulnerability exists due to a flaw
in the LocalDOMWindow::navigator() function in
LocalDOMWindow.cpp wherein an incorrect navigator
associated with a frame may be returned. A remote
attacker can exploit this, via a specially crafted web
page, to bypass cross-origin restrictions.
(CVE-2015-1292)

- An unspecified cross-origin bypass vulnerability exists
that allows a remote attacker, via a specially crafted
web page, to bypass cross-origin restrictions.
(CVE-2015-1293)

- A use-after-free error exists in the
SkMatrix::invertNonIdentity() function in SkMatrix.cpp.
A remote attacker can exploit this to dereference
already freed memory, potentially resulting in the
execution of arbitrary code. (CVE-2015-1294)

- A use-after-free error exists in
print_web_view_helper.cc that is triggered when handling
nested IPC handlers. A remote attacker can exploit this
to dereference already freed memory, potentially
resulting in the execution of arbitrary code.
(CVE-2015-1295)

- A spoofing vulnerability exists due to a flaw that is
triggered when displaying a URL containing certain
characters in the omnibox. A remote attacker can exploit
this to include characters that may look like a padlock,
spoofing a secure connection. (CVE-2015-1296)

- An unspecified flaw exists related to permission scoping
as requests in an extension are not hidden from other
extensions. (CVE-2015-1297)

- An unspecified URL handling issue exists as the URL to
be opened after an extension is uninstalled is not
restricted to HTTP and HTTPS. (CVE-2015-1298)

- A use-after-free error exists due to improper validation
of user-supplied input. A remote attacker can exploit
this to dereference already freed memory, potentially
resulting in the execution of arbitrary code.
(CVE-2015-1299)

- An unspecified information disclosure vulnerability
exists in Blink. (CVE-2015-1300)

- Multiple unspecified flaws exist that allow an attacker
to have an unspecified medium-severity impact.
(CVE-2015-1301)

See also :

http://www.nessus.org/u?96b510c5

Solution :

Upgrade to Google Chrome 45.0.2454.85 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
