Google Chrome < 44.0.2403.155 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8883

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome on the remote host is prior to 44.0.2403.155 and is affected by the following vulnerabilities :

- Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)
- An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)
- Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)
- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541)
- Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133)
- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)
- An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)

Solution

Update the Chrome browser to 44.0.2403.155 or later.

See Also

http://www.nessus.org/u?e46da2dd

https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

Plugin Details

Severity: High

ID: 8883

Family: Web Clients

Published: 2015/09/25

Modified: 2018/09/16

Dependencies: 4645

Nessus ID: 85567, 85568

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/08/11

Vulnerability Publication Date: 2015/08/11

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2015-3107, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566

BID: 75087, 76282, 76283, 76287, 76288, 76289, 76291