Google Chrome < 51.0.2704.63 Multiple Vulnerabilities

high Nessus Plugin ID 91350

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 51.0.2704.63. It is, therefore, affected by multiple vulnerabilities:

- Multiple unspecified flaws exist in extension bindings that allow a remote attacker to bypass the same-origin policy. No other details are available. (CVE-2016-1672, CVE-2016-1676)

- Multiple unspecified flaws exist in Blink that allow a remote attacker to bypass the same-origin policy. No other details are available. (CVE-2016-1673, CVE-2016-1675)

- An unspecified flaw exists in Extensions that allows a remote attacker to bypass the same-origin policy. No other details are available. (CVE-2016-1674)

- An unspecified type confusion error exists in V8 decodeURI that allows a remote attacker to disclose potentially sensitive information. (CVE-2016-1677)

- A heap buffer overflow condition exists in V8 due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1678)

- A heap use-after-free error exists in V8 bindings that allows a remote attacker to dereference already freed memory and execute arbitrary code. (CVE-2016-1679)

- A heap use-after-free error exists in Google Skia that allows a remote attacker to dereference already freed memory and execute arbitrary code. (CVE-2016-1680)

- A buffer overflow condition exists in OpenJPEG in the opj_j2k_read_SPCod_SPCoc() function within file j2k.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1681)

- An unspecified flaw exists in ServiceWorker that allows a remote attacker to bypass the Content Security Policy (CSP). No other details are available. (CVE-2016-1682)

- An unspecified out-of-bounds access error exists in libxslt that allows a remote attacker to have an unspecified impact. (CVE-2016-1683)

- An integer overflow condition exists in libxslt that allows a remote attacker to have an unspecified impact. (CVE-2016-1684)

- Multiple out-of-bounds read errors exist in PDFium that allow a remote attacker to cause a denial of service condition or disclose potentially sensitive information. (CVE-2016-1685, CVE-2016-1686)

- An unspecified flaw exists in Extensions that allows a remote attacker to disclose potentially sensitive information. No other details are available. (CVE-2016-1687)

- An out-of-bounds read error exists in V8 that allows a remote attacker to cause a denial of service condition or disclose potentially sensitive information. (CVE-2016-1688)

- A heap buffer overflow condition exists in Media due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1689)

- A heap use-after-free error exists in Autofill that allows a remote attacker to execute arbitrary code. (CVE-2016-1690)

- A heap buffer overflow condition exists in Google Skia due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1691)

- An unspecified flaw exists in ServiceWorker that allows a remote attacker to carry out a limited bypass of the same-origin policy. No other details are available. (CVE-2016-1692)

- A flaw exists due to the Software Removal Tool being downloaded over an HTTP connection. A man-in-the-middle attacker can exploit this to manipulate its contents. (CVE-2016-1693)

- An unspecified flaw exists that is triggered when HTTP Public Key Pinning (HPKP) pins are removed when clearing the cache. No other details are available. (CVE-2016-1694)

- Multiple unspecified issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1695)

- A use-after-free error exists in 'MailboxManagerImpl' that is triggered when handling GPU commands. A remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.

Solution

Upgrade to Google Chrome version 51.0.2704.63 or later.

See Also

http://www.nessus.org/u?e4d6f0fa

Plugin Details

Severity: High

ID: 91350

File Name: google_chrome_51_0_2704_63.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 5/27/2016

Updated: 11/19/2019

Dependencies: google_chrome_installed.nasl

Risk Information

CVSS Score Source: CVE-2016-1695

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 5/25/2016

Vulnerability Publication Date: 4/11/2016

Reference Information

CVE: CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695

EDB-ID: 39961