This script is Copyright (C) 2017 Tenable Network Security, Inc.
A web browser installed on the remote Windows host is affected by
The version of Google Chrome installed on the remote Windows host is
prior to 57.0.2987.133. It is, therefore, affected by the following
- A type cast error exists in Blink in the
LayoutInline::absoluteVisualRect() function within file
layout/LayoutInline.cpp that allows an unauthenticated,
remote attacker to cause an unspecified impact.
- An out-of-bounds read error exists in V8 in the
IndexOfValueImpl() function template within file
builtins/builtins-array.cc when handling arrays. An
unauthenticated, remote attacker can exploit this to
disclose memory content. (CVE-2017-5053)
- A heap buffer overflow condition exists in V8 that
allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2017-5054)
- A use-after-free error exists in the PrintViewManager
class within file printing/print_view_manager.cc when
handling previews. An unauthenticated, remote attacker
can exploit this to deference already freed memory,
resulting in the execution arbitrary code.
- A use-after-free error exists in the Blink that allows
an unauthenticated, remote attacker to dereference
already freed memory, resulting in the execution of
arbitrary code. (CVE-2017-5056)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Google Chrome version 57.0.2987.133 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true