Detections
Analytics

Google Chrome < 4.6.85.23 Multiple Vulnerabilities

critical Nessus Plugin ID 276621

Language:

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 4.6.85.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 2015_10_stable-channel-update advisory.

 - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-6763)

 - Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. (CVE-2015-6757)

 - The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. (CVE-2015-6755)

 - Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document. (CVE-2015-6756)

 - The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. (CVE-2015-6758)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 4.6.85.23 or later.

See Also

http://www.nessus.org/u?77b71ae9

https://crbug.com/519558

https://crbug.com/507316

https://crbug.com/529520

https://crbug.com/522131

https://crbug.com/514076

https://crbug.com/519642

https://crbug.com/512678

Plugin Details

Severity: Critical

ID: 276621

File Name: macosx_google_chrome_4_6_85_23.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 11/24/2025

Updated: 11/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-6763

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2015-6757

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/13/2015

Vulnerability Publication Date: 10/13/2015

Reference Information

CVE: CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6762, CVE-2015-6763

IAVB: 2015-B-0125-S