Synopsis
A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.
Description
The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 61.0.3163.79. It is, therefore, affected by the following vulnerabilities :
- A use-after-free error exists in PDFium. A unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2017-5111)
- A heap buffer overflow condition exists in WebGL that allows an unauthenticated, remote attacker to execute arbitrary code.
(CVE-2017-5112)
- A heap buffer overflow condition exists in Skia that allows an unauthenticated, remote attacker to execute arbitrary code.
(CVE-2017-5113)
- An unspecified memory lifecycle issue exists in PDFium that allow an unauthenticated, remote attacker to have an unspecified impact (CVE-2017-5114)
- An unspecified type confusion errors exist in V8.
(CVE-2017-5115, CVE-2017-5116)
- An unspecified uninitialized value flaws exist in Skia that allows an unauthenticated, remote attacker to have an unspecified impact.
(CVE-2017-5117, CVE-2017-5119)
- An unspecified security bypass vulnerability exists in Blink. An unauthenticated, remote attacker can exploit this to bypass content security policy. (CVE-2017-5118)
- An unspecified flaw allows HTTPS downgrade during redirection.
(CVE-2017-5120)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Google Chrome version 61.0.3163.79 or later.