Detections
Analytics
Google Chrome < 61.0.3163.100 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 700344
Synopsis
The remote host is utilizing a web browser that is affected by multiple attack vectors.Description
The version of Google Chrome installed on the remote host is prior to 61.0.3163.100, and is affected by multiple vulnerabilities :- A flaw exists that is triggered as the JIT escape analysis pass may optimize out the initialization of certain local variables. With specially crafted JavaScript, a context-dependent attacker can execute arbitrary code.
- An out-of-bounds access flaw exists in WASM that is triggered when handling table sizes. This may allow a context-dependent attacker to potentially execute arbitrary code.
- An off-by-one out-of-bounds access flaw exists in the 'Typer::Visitor::JSCallTyper()' function in 'compiler/typer.cc' that is triggered when handling range optimization for the 'String.indexOf()' and 'String.lastIndexOf()' JavaScript methods. This may allow a context-dependent attacker to execute arbitrary code.
Solution
Upgrade to Chrome version 61.0.3163.100 or later.Plugin Details
Severity: Medium
ID: 700344
Family: Web Clients
Published: 8/23/2018
Updated: 3/6/2019
Nessus ID: 103422
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:google:chrome
Patch Publication Date: 9/18/2017
Vulnerability Publication Date: 9/15/2017
Reference Information
CVE: CVE-2017-5121
BID: 100947