Google Chrome < 59.0.3071.104 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700135

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 59.0.3071.104, and is affected by multiple vulnerabilities :

- A security bypass vulnerability exists in the IndexedDB component that allows an unauthenticated, remote attacker to bypass the sandbox. (CVE-2017-5087)
- An out-of-bounds read error exists in the V8 component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-5088)
- An unspecified flaw exists in the Omnibox address bar component that allows an unauthenticated, remote attacker to spoof domains. (CVE-2017-5089)

Solution

Update the Chrome browser to 59.0.3071.104 or later.

See Also

https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html

Plugin Details

Severity: Critical

ID: 700135

Family: Web Clients

Published: 3/10/2017

Updated: 3/6/2019

Nessus ID: 100991

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 3/9/2017

Vulnerability Publication Date: 12/22/2016

Reference Information

CVE: CVE-2017-5087, CVE-2017-5088, CVE-2017-5089

BID: 99096