Google Chrome < 62.0.3202.89 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 700348
Synopsis
The remote host is utilizing a web browser that is affected by multiple attack vectors.
Description
The version of Google Chrome installed on the remote host is prior to 62.0.3202.89, and is affected by multiple vulnerabilities:
- A use-after-free error exists in the 'InstanceBuilder::Build()' function in 'wasm/module-compiler.cc' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and execute arbitrary code. (CVE-2017-15399)
- An overflow condition exists in the 'QuicClientPromisedInfo::OnPromiseHeaders()' function in 'net/quic/core/quic_client_promised_info.cc' that is triggered when handling method headers. This may allow a context-dependent attacker to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-15398)
Solution
Upgrade to Chrome version 62.0.3202.89 or later.