Detections
Analytics

Google Chrome < 50.0.2661.102 Multiple Vulnerabilities

high Nessus Plugin ID 91128

Language:

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_05_stable-channel-update advisory.

 - The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. (CVE-2016-1669)

 - The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node- adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1667)

 - The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1668)

 - Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. (CVE-2016-1670)

 - Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. (CVE-2016-1671)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 50.0.2661.102 or later.

See Also

http://www.nessus.org/u?4d38721c

https://crbug.com/578882

https://crbug.com/586657

https://crbug.com/605766

https://crbug.com/605910

https://crbug.com/606115

Plugin Details

Severity: High

ID: 91128

File Name: google_chrome_50_0_2661_102.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 5/13/2016

Updated: 11/24/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1669

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2016

Vulnerability Publication Date: 5/11/2016

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Reference Information

CVE: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671

BID: 90505