Google Chrome < 48.0.2564.116 Blink Same-Origin Policy Bypass

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
a security bypass vulnerability.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 48.0.2564.116. It is, therefore, affected by an unspecified
flaw related to the Blink rendering engine. An attacker can exploit
this to bypass same-origin policy restrictions and escape the sandbox,
allowing the attacker to execute arbitrary code with elevated
privileges.

See also :

http://www.nessus.org/u?63641ede
http://www.chromium.org/blink

Solution :

Upgrade to Google Chrome version 48.0.2564.116 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 88956 ()

Bugtraq ID:

CVE ID: CVE-2016-1629

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now