Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X)
Severity: High
Nessus Plugin ID 82826
Synopsis: The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.
Description: The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities:
- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)
- A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)
- A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)
- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)
- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents.
- An unspecified tap-jacking flaw exists when certain tap events are not preceded by TapDown events. An attacker can exploit this to direct taps across pages and domains. (CVE-2015-1241)
- A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)
- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication.
- A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling of the 'Open PDF in Reader' bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)
- An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)
- A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information.
- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)
- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)
- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts.
- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)
- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to Google Chrome 42.0.2311.90 or later.