Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8778

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 42.0.2311.90 and is affected by the following vulnerabilities:

- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)

- A cross-origin bypass vulnerability exists due to a flaw in 'MediaElementAudioSourceNode.cpp' when handling audio content. (CVE-2015-1236)

- A use-after-free error exists in 'render_frame_impl.cc' due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)

- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)

- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240)

- An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)

- A type confusion error exists in the ReduceTransitionElementsKind() function in 'hydrogen-check-elimination.cc'. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)

- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication. (CVE-2015-1244)

- A use-after-free error exists in 'open_pdf_in_reader_view.cc' due to improper handling in the 'Open PDF in Reader' bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)

- An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)

- A flaw exists in the OnPageHasOSDD() function in 'search_engine_tab_helper.cc' due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information. (CVE-2015-1247)

- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)

- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)

- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts. (CVE-2015-3333)

- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)

- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)

Solution

Upgrade to Google Chrome 42.0.2311.90 or later.

See Also

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

Plugin Details

Severity: High

ID: 8778

Family: Web Clients

Published: 2015/06/15

Modified: 2016/01/19

Dependencies: 4645

Nessus ID: 82825

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/04/14

Vulnerability Publication Date: 2015/04/14

Reference Information

CVE: CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3335

BID: 72715, 74165, 74167, 74221, 74225