Google Chrome < 50.0.2661.102 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 50.0.2661.102. It is, therefore, affected by multiple
vulnerabilities :

- A same-origin bypass vulnerability exists in DOM due to
scripts being permitted run while a node is being
adopted. A context-dependent attacker can exploit this
to bypass the same-origin policy. (CVE-2016-1667)

- A same-origin bypass vulnerability exists due to a flaw
in the Blink V8 bindings. A context-dependent attacker
can exploit this to bypass the same-origin policy.
(CVE-2016-1668)

- An overflow condition exists in V8 due to improper
validation of user-supplied input. A context-dependent
attacker can exploit this to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2016-1669)

- A race condition exists in the loader related to the use
of ids. An attacker can exploit this to have an
unspecified impact. (CVE-2016-1670)

- Multiple type confusion errors exist in the bundled
version of Adobe Flash that allow an attacker to execute
arbitrary code. (CVE-2016-1105, CVE-2016-4117)

- Multiple use-after-free errors exist in the bundled
version of Adobe Flash that allow an attacker to execute
arbitrary code. (CVE-2016-1097, CVE-2016-1106,
CVE-2016-1107, CVE-2016-1108, CVE-2016-1109,
CVE-2016-1110, CVE-2016-4108, CVE-2016-4110,
CVE-2016-4121)

- A heap buffer overflow condition exists in the bundled
version of Adobe Flash that allows an attacker to
execute arbitrary code. (CVE-2016-1101)

- An unspecified buffer overflow exists in the bundled
version of Adobe Flash that allows an attacker to
execute arbitrary code. (CVE-2016-1103)

- Multiple memory corruption issues exist in the bundled
version of Adobe Flash that allow an attacker to execute
arbitrary code. (CVE-2016-1096, CVE-2016-1098,
CVE-2016-1099, CVE-2016-1100, CVE-2016-1102,
CVE-2016-1104, CVE-2016-4109, CVE-2016-4111,
CVE-2016-4112, CVE-2016-4113, CVE-2016-4114,
CVE-2016-4115, CVE-2016-4120, CVE-2016-4160,
CVE-2016-4161, CVE-2016-4162, CVE-2016-4163)

- A flaw exists in the bundled version of Adobe Flash when
loading dynamic-link libraries. An attacker can exploit
this, via a specially crafted .dll file, to execute
arbitrary code. (CVE-2016-4116)

See also :

http://www.nessus.org/u?ddef1fa8
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Solution :

Upgrade to Google Chrome version 50.0.2661.102 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true