Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
prior to 52.0.2743.82. It is, therefore, affected by multiple
vulnerabilities :

- Multiple unspecified vulnerabilities exist that allow a
remote attacker to cause a denial of service condition
or possibly have other impact via unknown vectors.
(CVE-2016-1705)

- A sandbox protection bypass vulnerability exists in
PPAPI due to a failure to validate the origin of IPC
messages to the plugin broker process. An
unauthenticated, remote attacker can exploit this to
bypass the sandbox. (CVE-2016-1706)

- A use-after-free error exists in Extensions due to a
failure to consider object lifetimes during progress
observation. An unauthenticated, remote attacker can
exploit this to dereference already freed memory,
resulting in the execution of arbitrary code.
(CVE-2016-1708)

- An array indexing error exists in the ByteArray::Get()
function in data/byte_array.cc due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this to cause a heap-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2016-1709)

- A same-origin bypass vulnerability exists in Blink due
to a failure to prevent window creation by a deferred
frame. A remote attacker can exploit this to bypass the
same-origin policy. (CVE-2016-1710)

- A same-origin bypass vulnerability exists in Blink due
to a failure to disable frame navigation during a detach
operation on a DocumentLoader object. A remote attacker
can exploit this to bypass the same-origin policy.
(CVE-2016-1711)

- A use-after-free error exists in Blink in the
previousLinePosition() function. An unauthenticated,
remote attacker can exploit this, via crafted JavaScript
code involving an @import at-rule in a Cascading Style
Sheets (CSS) token sequence in conjunction with a
rel=import attribute of a LINK element, to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2016-5127)

- A same-origin bypass vulnerability exists in Google V8
due to a failure to prevent API interceptors from
modifying a store target without setting a property. A
remote attacker can exploit this to bypass the
same-origin policy. (CVE-2016-5128)

- A flaw exists in V8 due to improper processing of
left-trimmed objects. An unauthenticated, remote
attacker can exploit this, via crafted JavaScript code,
to cause a denial of service condition or the execution
of arbitrary code. (CVE-2016-5129)

- A flaw exists that is triggered when handling two
forward navigations that compete in different frames. A
remote attacker can exploit this to conduct a URL
spoofing attack. (CVE-2016-5130)

- A use-after-free error exists in libxml2 in the
xmlXPtrRangeToFunction() function. An unauthenticated,
remote attacker can exploit this to dereference already
freed memory, resulting in the execution of arbitrary
code. (CVE-2016-5131)

- A same-origin bypass vulnerability exists in the Service
Workers subsystem due to a failure to properly implement
the Secure Contexts specification during decisions about
whether to control a subframe. A remote attacker can
exploit this to bypass the same-origin policy.
(CVE-2016-5132)

- A flaw exists in the handling of origin information
during proxy authentication that allows a
man-in-the-middle attacker to spoof a
proxy-authentication login prompt or trigger incorrect
credential storage by modifying the client-server data
stream. (CVE-2016-5133)

- A validation flaw exists in the Proxy Auto-Config (PAC)
feature due to a failure to ensure that URL information
is restricted to a scheme, host, and port. A remote
attacker can exploit this to disclose credentials by
operating a server with a PAC script. (CVE-2016-5134)

- A cross-origin bypass vulnerability exists in Blink due
to a failure to consider referrer-policy information
inside an HTML document during a preload request. A
remote attacker can exploit this to bypass the Content
Security Policy (CSP) protection mechanism.
(CVE-2016-5135)

- A use-after-free error exists in Extensions that allows
a remote attacker to dereference already freed memory,
resulting in the execution of arbitrary code with
elevated privileges. (CVE-2016-5136)

- An information disclosure vulnerability exists in Blink
when handling HTTP vs. HTTPS ports in source expressions.
An unauthenticated, remote attacker can exploit this to
determine whether a specific HTTP Strict Transport
Security (HSTS) web site has been visited by reading a
CSP report. (CVE-2016-5137)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?7c7c32d0

Solution :

Upgrade to Google Chrome version 52.0.2743.82 or later.
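The check this plugin performs is a pure version comparison: the installed Chrome version is read from the application bundle and compared with 52.0.2743.82. The script below is an added example, not Tenable's plugin code, that reproduces that check locally. It assumes the default install path /Applications/Google Chrome.app and reads the standard CFBundleShortVersionString key from the bundle's Info.plist; the sample version strings are constructed. Versions are compared as integer tuples rather than strings, because a string comparison would rank a Chrome 9.x build as newer than 52.0.2743.82.

```python
import plistlib
from pathlib import Path
from typing import Optional, Tuple

# Fixed version taken from the advisory above.
FIXED_VERSION = "52.0.2743.82"

# Default install location of the Chrome bundle on Mac OS X (assumption:
# a relocated or per-user install lives elsewhere).
CHROME_INFO_PLIST = Path("/Applications/Google Chrome.app/Contents/Info.plist")


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version such as '52.0.2743.82' into a tuple of ints.

    Comparing the tuples compares numerically, field by field; comparing
    the raw strings would rank '9.0.597.107' above '52.0.2743.82' because
    '9' sorts after '5'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b.

    Shorter versions are padded with zeros so '52.0' equals '52.0.0.0'.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return compare_versions(installed, fixed) < 0


def installed_chrome_version(plist_path: Path = CHROME_INFO_PLIST) -> Optional[str]:
    """Read CFBundleShortVersionString from the app bundle's Info.plist.

    Returns None when no bundle is present at the given path.
    """
    if not plist_path.is_file():
        return None
    with plist_path.open("rb") as fh:
        info = plistlib.load(fh)
    return info.get("CFBundleShortVersionString")


def assess(installed: str, fixed: str = FIXED_VERSION) -> str:
    """One-line verdict in the style of the plugin's version check."""
    if is_affected(installed, fixed):
        return f"Installed version {installed} is prior to {fixed}: affected"
    return f"Installed version {installed} is {fixed} or later: not affected"


if __name__ == "__main__":
    # Constructed sample versions; the last one shows the string-comparison trap.
    for sample in ["51.0.2704.106", "52.0.2743.82", "52.0.2743.116", "9.0.597.107"]:
        print(assess(sample))

    live = installed_chrome_version()
    if live is None:
        print(f"No Chrome bundle found at {CHROME_INFO_PLIST}")
    else:
        print(assess(live))
```

As with the plugin itself, the verdict rests only on the self-reported version number: an "affected" result means the build predates the fix, not that any of the listed CVEs has been confirmed on the host.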

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
