Detections
Analytics

Google Chrome < 4.9.385.26 Multiple Vulnerabilities

critical Nessus Plugin ID 275879

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 4.9.385.26. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_03_stable-channel-update advisory.

 - Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1642)

 - The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1630)

 - The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1631)

 - The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.
 (CVE-2016-1632)

 - Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
 (CVE-2016-1633)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 4.9.385.26 or later.

See Also

http://www.nessus.org/u?fcef0755

https://crbug.com/560011

https://crbug.com/569496

https://crbug.com/549986

https://crbug.com/572537

https://crbug.com/559292

https://crbug.com/585268

https://crbug.com/584155

https://crbug.com/560291

https://crbug.com/555544

https://crbug.com/585282

https://crbug.com/572224

https://crbug.com/550047

https://crbug.com/583718

Plugin Details

Severity: Critical

ID: 275879

File Name: google_chrome_4_9_385_26.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 11/20/2025

Updated: 11/20/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1642

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 3/2/2016

Vulnerability Publication Date: 11/12/2015

Reference Information

CVE: CVE-2015-8126, CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642

IAVB: 2016-B-0041-S