Google Chrome < 42.0.2311.135 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8779

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 42.0.2311.135 and is affected by the following vulnerabilities:

- A use-after-free condition in the 'MutationObserver::disconnect()' function in 'dom/MutationObserver.cpp'. The issue is triggered when iterating over a cloned set and attempting to unregister a MutationObserver registration already unregistered from the original set. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-1243)

- A flaw exists in 'media/audio/audio_parameters.cc' that is triggered when handling channel counts that do not match the channel layout. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists that is triggered when handling audio conversion with certain channel layouts. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists in the 'HTMLImportTreeRoot::recalcTimerFired()' function in 'html/imports/HTMLImportTreeRoot.cpp'. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.

- OpenJPEG, as used in Google Chrome, contains an integer overflow condition in the 'opj_j2k_update_image_data()' function in 'j2k.c' that is triggered when handling overly large image dimensions. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing an application linked against the library or potentially allowing execution of arbitrary code. (CVE-2015-1250)

Solution

Upgrade to Google Chrome 42.0.2311.135 or later.

See Also

http://googlechromereleases.blogspot.ie/2015/04/stable-channel-update_28.html

Plugin Details

Severity: High

ID: 8779

File Name: 8779.prm

Family: Web Clients

Published: 2015/06/16

Modified: 2016/11/23

Dependencies: 4645

Nessus ID: 83136, 83137

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/04/28

Vulnerability Publication Date: 2015/04/10

Reference Information

CVE: CVE-2015-1243, CVE-2015-1250

BID: 74389