Google Chrome < 48.0.2564.109 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9083
Synopsis
The remote host is utilizing a web browser that is affected by multiple vulnerabilities.
Description
The version of Google Chrome on the remote host is prior to 48.0.2564.109 and is affected by the following vulnerabilities :
- An unspecified flaw exists in the extensions component which may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1622)
- A flaw exists in 'loader/FrameLoader.cpp' that is triggered when handling attachment of child frames during frame detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1623)
- A flaw exists in a pointer underflow condition in the 'ProcessCommandsInternal()' function in 'dec/decode.c' that is triggered when decoding literals. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1624)
- A flaw exists in the 'SearchTabHelper::NavigateToURL()' function in 'ui/search/search_tab_helper.cc'. The issue is triggered as navigation is permitted to privileged URLs that should not be considered valid navigation targets. This may allow a context-dependent attacker to bypass intended navigation restrictions. (CVE-2016-1625)
- An out-of-bounds read flaw exists in the 'opj_pi_update_decode_poc()' function in 'lib/openjp2/pi.c'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1626)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1627)
Solution
Update the Chrome browser to 48.0.2564.109 or later.