Chrome < 52.0.2743.82 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 802027

Synopsis

The specific version of Chrome that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Chrome that the system is running is reportedly affected by the following vulnerabilities:

- Google Chrome contains a flaw in PPAPI that is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2016-1706)

- Google Chrome for iOS contains a flaw in web/web_state/ui/crw_web_controller.mm that is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (CVE-2016-1707)

- Google Chrome contains a use-after-free error related to extensions that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
(CVE-2016-1708)

- Google sfntly contains an array indexing error in the ByteArray::Get() function in data/byte_array.cc that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-1709)

- Google Chrome contains a flaw in web/ChromeClientImpl.cpp that is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1710)

- Google Chrome contains a flaw in core/loader/FrameLoader.cpp that is triggered when handling frame navigations during DocumentLoader detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1711)

- Google Chrome contains a use-after-free error in the previousLinePosition() function in core/editing/VisibleUnits.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5127)

- Google V8 contains an unspecified flaw which may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (CVE-2016-5128)

- Google V8 contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-5129)

- Google Chrome contains a flaw in the HistoryController::UpdateForCommit() function in content/renderer/history_controller.cc. The issue is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (CVE-2016-5130)

- Libxml2 contains a use-after-free error in the xmlXPtrRangeToFunction() function in xpointer.c. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5131)

- Google Chrome contains a flaw related to Service Workers that is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (CVE-2016-5132)

- Google Chrome contains a flaw related to proxy authentication that is triggere when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (CVE-2016-5133)

- Google Chrome contains a flaw that is triggered as https:// URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (CVE-2016-5134)

- Google Chrome contains a flaw in html/parser/HTMLPreloadScanner.cpp related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (CVE-2016-5135)

- Google Chrome contains a use-after-free error in extensions/renderer/user_script_injector.cc that is triggered when handling UserScript pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. (CVE-2016-5136)

- Google Chrome contains a flaw in the CSPSource::portMatches() function in frame/csp/CSPSource.cpp related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (CVE-2016-5137)

- Google Chrome contains a flaw in the LayoutBox::removeFloatingOrPositionedChildFromBlockLists() function in core/layout/LayoutBox.cpp that is triggered when handling LayoutView floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains a flaw in the Resource::canUseCacheValidator() function in core/fetch/Resource.cpp that is triggered when revalidating Resource with redirects. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in the Resource::willFollowRedirect() function in core/fetch/Resource.cpp that is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in net/url_request/sdch_dictionary_fetcher.cc that is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in the ShapeResultSpacing::computeSpacing() function in platform/fonts/shaping/ShapeResultSpacing.cpp that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains a flaw in the Channel::Message::Deserialize() function in mojo/edk/system/channel.cc that is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains an unspecified flaw in Font::individualCharacterRanges() function in platform/fonts/Font.cpp, which may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google WebRTC contains an out-of-bounds read flaw in the WebRtcIsacfix_PitchFilter() and WebRtcIsacfix_PitchFilterGains() functions in modules/audio_coding/codecs/isac/fix/source/pitch_filter.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1705)

- Google Chrome contains a flaw in org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java that is due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (CVE-2016-1705)

- Google Skia contains an integer overflow condition in the SkLinearGradient::LinearGradientContext::shade4_dx_clamp() function in effects/gradients/SkLinearGradient.cpp . The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- libvpx contains an invalid read flaw in the setup_frame_size_with_refs() function in vp9/decoder/vp9_decodeframe.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.

- Google Chrome contains an unspecified flaw in extensions that is triggered during the handling of NativeMessaging IDs. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains an out-of-bounds read flaw in the HTMLMenuItemElement::defaultEventHandler() function in core/html/HTMLMenuItemElement.cpp that may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2016-1705)

- Google Chrome contains an unspecified flaw in the GURL::ReplaceComponents() function in url/gurl.cc that is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-1705)

- Google V8 contains an unspecified flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1705)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

http://www.google.com/chrome/

https://bugs.chromium.org/p/chromium/issues/detail?id=610600

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

https://www.debian.org/security/2016/dsa-3637

http://www.ubuntu.com/usn/usn-3041-1/

http://news.softpedia.com/news/chrome-52-released-with-support-for-css-containment-and-performance-measurement-506482.shtml

http://seclists.org/bugtraq/2016/Aug/7

https://bugs.chromium.org/p/chromium/issues/detail?id=622183

https://bugs.chromium.org/p/chromium/issues/detail?id=613949

https://bugs.chromium.org/p/chromium/issues/detail?id=614934

https://bugs.chromium.org/p/chromium/issues/detail?id=616907

https://bugs.chromium.org/p/chromium/issues/detail?id=617495

https://bugs.chromium.org/p/chromium/issues/detail?id=618237

https://developers.google.com/v8/

https://bugs.chromium.org/p/chromium/issues/detail?id=619166

https://bugs.chromium.org/p/chromium/issues/detail?id=620553

https://bugs.chromium.org/p/chromium/issues/detail?id=623319

https://bugs.chromium.org/p/chromium/issues/detail?id=623378

https://bugzilla.gnome.org/show_bug.cgi?id=769160

https://bugzilla.gnome.org/show_bug.cgi?id=768428

https://github.com/sparklemotion/nokogiri/issues/1528

http://www.splunk.com/view/SP-CAAAPQM

https://bugs.chromium.org/p/chromium/issues/detail?id=607543

https://bugs.chromium.org/p/chromium/issues/detail?id=613626

https://bugs.chromium.org/p/chromium/issues/detail?id=620737

https://bugs.chromium.org/p/chromium/issues/detail?id=593759

http://jvn.jp/vu/JVNVU90289707/index.html

https://bugs.chromium.org/p/chromium/issues/detail?id=605451

https://bugs.chromium.org/p/chromium/issues/detail?id=625393

https://bugs.chromium.org/p/chromium/issues/detail?id=625945

https://bugs.chromium.org/p/chromium/issues/detail?id=629852

https://bugs.chromium.org/p/chromium/issues/detail?id=613869

https://bugs.chromium.org/p/chromium/issues/detail?id=613971

https://bugs.chromium.org/p/chromium/issues/detail?id=614989

https://bugs.chromium.org/p/chromium/issues/detail?id=620858

https://bugs.chromium.org/p/chromium/issues/detail?id=621843

https://bugs.chromium.org/p/chromium/issues/detail?id=622522

https://bugs.chromium.org/p/chromium/issues/detail?id=620952

https://bugs.chromium.org/p/chromium/issues/detail?id=600953

https://bugs.chromium.org/p/chromium/issues/detail?id=612939

https://bugs.chromium.org/p/chromium/issues/detail?id=599458

https://chromium.googlesource.com/webm/libvpx

https://bugs.chromium.org/p/chromium/issues/detail?id=614701

https://bugs.chromium.org/p/chromium/issues/detail?id=609286

https://bugs.chromium.org/p/chromium/issues/detail?id=590619

https://bugs.chromium.org/p/chromium/issues/detail?id=615820

https://bugs.chromium.org/p/chromium/issues/detail?id=619382

Plugin Details

Severity: High

ID: 802027

File Name: 802027.prm

Family: Web Clients

Published: 2016/09/06

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2016/06/14

Vulnerability Publication Date: 2016/06/14

Reference Information

CVE: CVE-2016-1706, CVE-2016-1707, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705