Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 82826

Synopsis

The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities :

- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)

- A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)

- A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)

- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)

- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents.
(CVE-2015-1240)

- An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)

- A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)

- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication.
(CVE-2015-1244)

- A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling handling the 'Open PDF in Reader' bubble on navigations.
An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)

- An unspecified out-of-bounds read flaw exists in Blink.
An attacker can exploit this to disclose memory contents. (CVE-2015-1246)

- A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information.
(CVE-2015-1247)

- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)

- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)

- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts.
(CVE-2015-3333)

- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)

- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome 42.0.2311.90 or later.

See Also

http://www.nessus.org/u?72311cf0

Plugin Details

Severity: High

ID: 82826

File Name: macosx_google_chrome_42_0_2311_90.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 4/16/2015

Updated: 11/22/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-3335

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/14/2015

Vulnerability Publication Date: 4/14/2015

Reference Information

CVE: CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3335

BID: 72715, 74165, 74167, 74221, 74225