Google Chrome < 51.0.2704.103 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 51.0.2704.103. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in the individualCharacterRanges()
function in CachingWordShaper.cpp that is triggered when
handling invalid glyph shaping results. A remote
attacker can exploit this issue to corrupt memory,
resulting in the execution of code. (VulnDB 140128)

- A use-after-free error exists in the OnChannelMessage()
function in node_channel.cc that allows a remote
attacker to dereference already freed memory, resulting
in the execution of arbitrary code. (VulnDB 140129)

- An unspecified flaw exists in
shared_worker_devtools_manager.cc that allows a remote
attacker to have an unspecified impact. (VulnDB 140130)

See also :

http://www.nessus.org/u?0892ec7f

Solution :

Upgrade to Google Chrome version 51.0.2704.103 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 91716 ()

Bugtraq ID:

CVE ID: CVE-2016-1704

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now