Google Chrome < 47.0.2526.106 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9045

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome on the remote host is prior to 47.0.2526.106 and is affected by the following vulnerabilities :

- The 'WebCursor::Deserialize()' method in file 'common/cursors/webcursor.cc' is affected by an integer overflow condition that allows an attacker to execute arbitrary code. (CVE-2015-6792)
- The 'MidiManagerAlsa::DispatchSendMidiData()' method in file 'media/midi/midi_manager_alsa.cc' contains an unspecified flaw that allows an attacker to execute arbitrary code outside of sandbox restrictions. (CVE-2015-8664)

In addition to these, the bundled Flash Player component in this version of Google Chrome may be affected by the following vulnerabilities :

- A type confusion error exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8644)
- An integer overflow condition exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8651)
- Multiple use-after-free errors exist that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650)
- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645)

Solution

Update the Chrome browser to 47.0.2526.106 or later.

See Also

http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Plugin Details

Severity: High

ID: 9045

Family: Web Clients

Published: 2016/01/08

Modified: 2016/01/08

Dependencies: 4645

Nessus ID: 87417, 87418

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/12/15

Vulnerability Publication Date: 2015/12/04

Reference Information

CVE: CVE-2015-6792, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651, CVE-2015-8664

IAVB: 2015-B-0142