Detections
Analytics

Google Chrome < 61.0.3163.79 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700345

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 61.0.3163.79, and is affected by multiple vulnerabilities :

 - A use-after-free flaw exists in WebAssembly that is triggered when async compilation is enabled. This may allow a context-dependent attacker to have an unspecified impact.
 - A flaw exists that is triggered when handling the 'ExternalInterface.'addCallback'()' ActionScript method, as it works across isolated worlds. This may allow a context-dependent attacker to bypass intended security restrictions.
 - A double-free condition exists in the 'celt_header()' function in 'libavformat/oggparsecelt.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to crash a process linked against the library or potentially execute arbitrary code.
 - A use-after-poison flaw exists in the 'LocalFrameView::ForAllNonThrottledLocalFrameViews()' function in 'frame/LocalFrameView.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw exists that is triggered when handling maximum stack space exceeded exceptions in the WritableStream and
 - An flaw exists in the SSLCommonNameMismatchHandling feature that is triggered during redirect navigation and may result in using an HTTP URL. This may allow a MitM attacker to disclose the path of the original HTTPS URL.
 - A flaw exists in the 'SkArithmeticImageFilter::Make()' function related to use of uninitialized memory. This may allow a context-dependent attacker to have an unspecified impact.
 - A flaw exists that is triggered as the Content Security Policy (CSP) is not inherited when inheriting the security origin during main window navigation. This may allow a context-dependent attacker to bypass the Content Security Policy.
 - A flaw exists in the 'SkPathMeasure::getLength()' function in 'core/SkPathMeasure.cpp' related to use of uninitialized memory. This may allow a context-dependent attacker to crash a process linked against the library or potentially execute arbitrary code.
 - An out-of-bounds write flaw exists in the 'GetFirstArgumentAsBytes()' function in '/wasm/wasm-js.cc' that is triggered when processing WebAssembly code. This may allow a context-dependent attacker to manipulate memory content and execute arbitrary code.
 - A type confusion flaw exists in the 'VirtualObject::MergeFields()' function in 'compiler/escape-analysis.cc' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitary code.
 - A flaw exists in 'core/fxcodec/codec/fx_codec_jpx_opj.cpp' that is triggered when management memory lifecycles. This may allow an context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An integer overflow condition exists in the SkArenaAlloc class in 'core/SkArenaAlloc.cpp' that is triggered when allocating memory. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing to execute arbitrary code.
 - An overflow condition exists in the WebGL component that is triggered as certain input is not properly validated when handling ES3 pixel pack parameters. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code.
 - A use-after-free error exists in the handling of CPWL_Wnd objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

Solution

Upgrade to Chrome version 61.0.3163.79 or later.

See Also

http://www.nessus.org/u?67b28931

Plugin Details

Severity: High

ID: 700345

Family: Web Clients

Published: 8/23/2018

Updated: 3/6/2019

Nessus ID: 102994

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 9/5/2017

Vulnerability Publication Date: 9/5/2017

Reference Information

CVE: CVE-2017-5111

BID: 100610