Detections
Analytics

Google Chrome < 50.0.2661.102 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9371

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 50.0.2661.102, and is affected by multiple vulnerabilities :

 - A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667)
 - A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1668)
 - An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1669)
 - A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670)

The following vulnerabilities affect the bundled version of Flash Player in Chrome :

 - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117)
 - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121)
 - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101)
 - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103)
 - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163)
 - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)

Solution

Update the Chrome browser to 50.0.2661.102 or later.

See Also

http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

Plugin Details

Severity: High

ID: 9371

Family: Web Clients

Published: 6/16/2016

Updated: 3/6/2019

Nessus ID: 91129

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 5/11/2016

Vulnerability Publication Date: 1/30/2016

Reference Information

CVE: CVE-2016-1096

BID: 90505