Google Chrome < 4.3.61.21 Multiple Vulnerabilities

critical Nessus Plugin ID 276618

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 4.3.61.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 2015_05_stable-channel-update_19 advisory.

- Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1265)

- Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. (CVE-2015-1260)

- common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. (CVE-2015-1252)

- core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. (CVE-2015-1253)

- core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. (CVE-2015-1254)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 4.3.61.21 or later.

See Also

http://www.nessus.org/u?997faa52

https://crbug.com/474029

https://crbug.com/464552

https://crbug.com/444927

https://crbug.com/473253

https://crbug.com/478549

https://crbug.com/481015

https://crbug.com/468519

https://crbug.com/450939

https://crbug.com/468167

https://crbug.com/474370

https://crbug.com/466351

https://crbug.com/476647

https://crbug.com/479162

Plugin Details

Severity: Critical

ID: 276618

File Name: macosx_google_chrome_4_3_61_21.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 11/24/2025

Updated: 11/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-1265

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2015-1260

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/19/2015

Vulnerability Publication Date: 5/19/2015

Reference Information

CVE: CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265

IAVB: 2015-B-0066-S