Google Chrome < 51.0.2704.63 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9372
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 51.0.2704.63, and is affected by multiple vulnerabilities :

 - Multiple unspecified flaws exist in extension bindings that allow a remote attacker to bypass the same-origin policy. No other details are available.
- Multiple unspecified flaws exist in 'Blink' that allow a remote attacker to bypass the same-origin policy. No other details are available.
- An unspecified flaw exists in 'Extensions' that allows a remote attacker to bypass the same-origin policy. No other details are available.
 - An unspecified type confusion error exists in V8 decodeURI that allows a remote attacker to disclose potentially sensitive information.
 - A heap buffer overflow condition exists in V8 due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
 - A heap use-after-free error exists in V8 bindings that allows a remote attacker to deference already freed memory and execute arbitrary code.
 - A heap use-after-free error exists in Google Skia that allows a remote attacker to deference already freed memory and execute arbitrary code.
 - A buffer overflow condition exists in OpenJPEG in the 'opj_j2k_read_SPCod_SPCoc()' function within file 'j2k.c' due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
 - An unspecified flaw exists in 'ServiceWorker' that allows a remote attacker to bypass the Content Security Policy (CSP). No other details are available.
 - An unspecified out-of-bounds access error exists in libxslt that allows a remote attacker to have an unspecified impact.
 - An integer overflow condition exists in libxslt that allows a remote attacker to have an unspecified impact.
 - Multiple out-of-bounds read errors exist in PDFium that allow a remote attacker to cause a denial of service condition or disclose potentially sensitive information.
- An unspecified flaw exists in Extensions that allows a remote attacker to disclose potentially sensitive information. No other details are available.
 - An out-of-bounds read error exists in V8 that allows a remote attacker to cause a denial of service condition or disclose potentially sensitive information.
 - A heap buffer overflow condition exists in Media due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
 - A heap use-after-free error exists in Autofill that allows a remote attacker to execute arbitrary code.
 - A heap buffer overflow condition exists in Google Skia due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
 - An unspecified flaw exists in 'ServiceWorker' that allows a remote attacker to carry out a limited bypass of the same-origin policy. No other details are available.
 - A flaw exists due to the Software Removal Tool being downloaded over an HTTP connection. A man-in-the-middle attacker can exploit this to manipulate its contents.
 - A unspecified flaw exists that is triggered when HTTP Public Key Pinning (HPKP) pins are removed when clearing the cache. No other details are available.
 - Multiple unspecified issues exist that allow a remote attacker to execute arbitrary code.
 - A use-after-free error exists in 'MailboxManagerImpl'. The issue is triggered when handling GPU commands. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

Solution

Update the Chrome browser to 51.0.2704.63 or later.

See Also

http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

Plugin Details

Severity: High

ID: 9372

Family: Web Clients

Published: 6/16/2016

Updated: 3/6/2019

Nessus ID: 91351

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 11/30/2015

Reference Information

CVE: CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695

BID: 90876