Detections
Analytics

Google Chrome < 50.0.2661.94 Multiple Vulnerabilities

critical Nessus Plugin ID 90795

Language:

Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 50.0.2661.94. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_04_stable-channel-update_28 advisory.

 - Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1666)

 - extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
 (CVE-2016-1662)

 - Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out- of-bounds write) or possibly have unspecified other impact via a crafted web site. (CVE-2016-1660)

 - Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. (CVE-2016-1661)

 - The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. (CVE-2016-1663)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 50.0.2661.94 or later.

See Also

http://www.nessus.org/u?bd55025d

https://crbug.com/574802

https://crbug.com/586820

https://crbug.com/597322

https://crbug.com/601629

https://crbug.com/603732

https://crbug.com/603987

https://crbug.com/606181

Plugin Details

Severity: Critical

ID: 90795

File Name: macosx_google_chrome_50_0_2661_94.nasl

Version: 1.14

Type: local

Agent: macosx

Published: 4/29/2016

Updated: 11/24/2025

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1662

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2016-1666

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 4/28/2016

Vulnerability Publication Date: 2/5/2016

Reference Information

CVE: CVE-2016-1660, CVE-2016-1661, CVE-2016-1662, CVE-2016-1663, CVE-2016-1664, CVE-2016-1665, CVE-2016-1666, CVE-2016-5168

BID: 89106