Google Chrome < 46.0.2490.71 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9016

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 46.0.2490.71 and is affected by multiple vulnerabilities:

- Google Chrome contains an unspecified high-severity flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2015-6763)
- Google Chrome contains a use-after-free error in 'service_worker/embedded_worker_instance.cc' that is triggered when handling 'EmbeddedWorkerInstance' startup sequence failures. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-6757)
- Google Chrome contains a flaw in the ContainerNode::parserInsertBefore() function in 'dom/ContainerNode.cpp' that is triggered when removing a specific child during reparenting. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2015-6755)
- Google Chrome contains a flaw in the shouldTreatAsUniqueOrigin() function in 'weborigin/SecurityOrigin.cpp' that is triggered when handling the origin of a LocalStorage resource. This may allow a context-dependent attacker to disclose potentially sensitive information. (CVE-2015-6759)
- Google Chrome contains a flaw in the CSSFontFaceSrcValue::fetch() function in 'css/CSSFontFaceSrcValue.cpp' that is triggered when handling CSS fonts. This may allow a context-dependent attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. (CVE-2015-6762)
- Google V8 contains a use-after-free error in the SlotsBuffer::RemoveInvalidSlots() function in heap/mark-compact.cc. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-7834)
- Google PDFium contains a use-after-free error in the CPDFSDK_Annot::GetPDFAnnot() function. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-6768)
- Google PDFium contains a type-casting flaw in the CPDF_Document::GetPage() function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-6758)
- ANGLE contains a flaw in the Image11::map() function in libANGLE/renderer/d3d/d3d11/Image11.cpp that is triggered when handling mapping failures after device-lost events. This may allow a context-dependent attacker to have an unspecified impact in an application linked against the library. (CVE-2015-6760)
- FFmpeg contains a race condition in the update_dimensions() function in libavcodec/vp8.c. The issue is triggered when handling multi-threaded operations based on the coefficient-partition count. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-6761)

Solution

Update the Chrome browser to 46.0.2490.71 or later.

See Also

http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 9016

Family: Web Clients

Published: 2015/12/04

Modified: 2016/01/29

Dependencies: 4645

Nessus ID: 86380, 86381

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/10/13

Vulnerability Publication Date: 2015/07/23

Reference Information

CVE: CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6761, CVE-2015-6762, CVE-2015-6763, CVE-2015-7834

BID: 77071