Google Chrome < 47.0.2526.73 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 9020 (severity: high)

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 47.0.2526.73 and is affected by multiple vulnerabilities:

- An out-of-bounds access error exists in Google V8 that is triggered when loading array elements. An attacker can exploit this to have an unspecified impact. (CVE-2015-6764)
- A use-after-free error exists that is triggered when handling updates. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6765)
- A use-after-free error exists in AppCache that is triggered when handling updates. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6766)
- A use-after-free error exists in the 'OnChannelConnected()' function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6767)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when handling 'javascript:' URI document navigations during page dismissal events. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6768)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when committing a provisional load and handling the window proxy. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6769)
- A same-origin bypass vulnerability exists due to a flaw in DOM. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6770)
- An out-of-bounds access error exists in Google V8 related to Map and Filter array construction. An attacker can exploit this to have an unspecified impact. (CVE-2015-6771)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when navigating to a 'javascript:' URI and detaching the document. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6772)
- An out-of-bounds access error exists in Google Skia related to the handling of rows. An attacker can exploit this to have an unspecified impact. (CVE-2015-6773)
- A use-after-free error exists in the 'GetLoadTimes()' function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6774)
- A type confusion error exists in Google PDFium. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-6775)
- A heap-based overflow condition exists in OpenJPEG in the 'opj_dwt_decode()' function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-6776)
- A use-after-free error exists in the 'notifyNodeInsertedInternal()' function.

Solution

Update the Chrome browser to 47.0.2526.73 or later.

See Also

http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html

Plugin Details

Severity: High

ID: 9020

Family: Web Clients

Published: 12/7/2015

Updated: 3/6/2019

Nessus ID: 87206

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 6/18/2015

Vulnerability Publication Date: 6/18/2015

Reference Information

CVE: CVE-2015-6764, CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786, CVE-2015-6787, CVE-2015-8478, CVE-2015-6783, CVE-2015-8480, CVE-2015-8479