Google Chrome < 58.0.3029.81 Multiple Vulnerabilities (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote macOS or Mac OS X
host is prior to 58.0.3029.81. It is, therefore, affected by the
following vulnerabilities :

- A type confusion error exists in PDFium in the
CJS_Object::GetEmbedObject() function that allows an
unauthenticated, remote attacker to have an unspecified
impact. (CVE-2017-5057)

- A use-after-free error exists in Print Preview that
allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2017-5058)

- A type confusion error exists in Blink due to improper
handling of pseudo-elements in layout trees. An
unauthenticated, remote attacker can exploit this to
have an unspecified impact. (CVE-2017-5059)

- A spoofing vulnerability exists in url_formatter.cc due
to improper handling of Cyrillic letters in domain
names. An unauthenticated, remote attacker can exploit
this to spoof URLs in the address bar. (CVE-2017-5060)

- A flaw exists in the Omnibox component that is triggered
as unloaded content may be rendered in a compositor
frame after a navigation commit. An unauthenticated,
remote attacker can exploit this to spoof URLs in the
address bar. (CVE-2017-5061)

- A use-after-free error exists in the Apps component that
allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2017-5062)

- A heap-based buffer overflow condition exists in the
Skia component in the spanSlowRate() function in
SkLinearBitmapPipeline_sample.h due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition or the execution of arbitrary code.
(CVE-2017-5063)

- A use-after-free error exists in Blink that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-5064)

- A flaw exists in Blink due to a failure to properly
close validation bubbles when uploading a document. An
unauthenticated, remote attacker can exploit this to
cause an unspecified impact. (CVE-2017-5065)

- A flaw exists in the Networking component due to a
failure to verify certificate chains that have
mismatching signature algorithms. An unauthenticated,
remote attacker can exploit this to have an unspecified
impact. (CVE-2017-5066)

- An unspecified flaw exists in the Omnibox component that
allows an unauthenticated, remote attacker to spoof
URLs. (CVE-2017-5067)

- A same-origin policy bypass vulnerability exists in the
PingLoader::sendViolationReport() function in
PingLoader.cpp due to improper handling of HTTP
Content-Type headers in CSP or XSS auditor violation
reports. An unauthenticated, remote attacker can exploit
this to bypass the same-origin policy. (CVE-2017-5069)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
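A check of the kind described above, as an added example that is not part of the Nessus plugin: it reads Chrome's self-reported version from the application bundle (the default install path is an assumption) and compares it segment by segment against the fixed release, since a plain string comparison mis-orders dotted versions.

```shell
#!/bin/sh
# Added example (not part of the Nessus plugin): decide whether a Chrome
# version string is prior to the fixed release 58.0.3029.81. Segments are
# compared numerically, since a plain string comparison would place
# "9.0.597.84" after "58.0.3029.81".

FIXED_VERSION="58.0.3029.81"

# version_lt A B: exit status 0 when dotted version A is numerically lower
# than B. Missing trailing segments are treated as 0, so "58" == "58.0.0.0".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions: A is not lower than B
    }'
}

# chrome_vulnerable VERSION: exit status 0 when VERSION is affected by this
# advisory, i.e. it is older than the fixed release.
chrome_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_chrome_version [INFO_PLIST]: print Chrome's self-reported version
# from the app bundle's Info.plist. The default path is an assumption about a
# standard install; the function fails quietly when the file is absent.
installed_chrome_version() {
    plist="${1:-/Applications/Google Chrome.app/Contents/Info.plist}"
    [ -r "$plist" ] || return 1
    defaults read "$plist" CFBundleShortVersionString 2>/dev/null
}

# Live check on this host; skipped when no Chrome bundle is found.
if v=$(installed_chrome_version); then
    if chrome_vulnerable "$v"; then
        echo "Chrome $v is prior to $FIXED_VERSION: affected"
    else
        echo "Chrome $v is $FIXED_VERSION or later: not affected by this advisory"
    fi
fi
```

Like the plugin, this trusts the bundle's reported version and does not test any of the listed issues directly.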

See also :

http://www.nessus.org/u?d9ef6b47
https://www.xudongz.com/blog/2017/idn-phishing/

Solution :

Upgrade to Google Chrome version 58.0.3029.81 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
