Google Chrome < 50.0.2661.75 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
prior to 50.0.2661.75. It is, therefore, affected by multiple
vulnerabilities :

- An out-of-bounds read error exists in PDFium in the
sycc420_to_rgb() and sycc422_to_rgb() functions within
file fxcodec/codec/fx_codec_jpx_opj.cpp that is
triggered when decoding JPEG2000 images. An
unauthenticated, remote attacker can exploit this to
cause a denial of service or disclose memory contents.
(CVE-2016-1651)

- A cross-site scripting vulnerability exists due to
a failure by extension bindings to validate input before
returning it to users. An unauthenticated, remote
attacker can exploit this, via a crafted request, to
execute arbitrary script code in the user's browser
session. (CVE-2016-1652)

- An out-of-bounds write error exists in Google V8,
related to the LoadBuffer operator, that is triggered
when handling typed arrays. An unauthenticated, remote
attacker can exploit this to corrupt memory, resulting
in a denial of service or the execution of arbitrary
code. (CVE-2016-1653)

- An uninitialized memory read error exists in media
that allows an attacker to have an unspecified impact.
No other details are available. (CVE-2016-1654)

- A use-after-free error exists in extensions that is
triggered when handling frame removal by content
scripts. An unauthenticated, remote attacker can exploit
this to dereference already freed memory, resulting in
arbitrary code execution. (CVE-2016-1655)

- A flaw exists, related to content disposition, due to
the improper sanitization of the names of downloaded
files. An unauthenticated, remote attacker can exploit
this to bypass path restrictions. (CVE-2016-1656)

- A flaw exists in the FocusLocationBarByDefault()
function of the WebContentsImpl class within the file
content/browser/web_contents/web_contents_impl.cc that
allows an authenticated, remote attacker to spoof the
address bar. (CVE-2016-1657)

- An unspecified flaw exists that allows an
unauthenticated, remote attacker to access sensitive
information by using malicious extensions.
(CVE-2016-1658)

- Multiple vulnerabilities exist in Chrome, the most
serious of which allow an unauthenticated, remote
attacker to execute arbitrary code. (CVE-2016-1659)

See also :

http://www.nessus.org/u?d2fb8d51

Solution :

Upgrade to Google Chrome version 50.0.2661.75 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 90543 ()

Bugtraq ID:

CVE ID: CVE-2016-1651
CVE-2016-1652
CVE-2016-1653
CVE-2016-1654
CVE-2016-1655
CVE-2016-1656
CVE-2016-1657
CVE-2016-1658
CVE-2016-1659

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now