Google Chrome < 52.0.2743.82 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9480

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 52.0.2743.82 and is affected by multiple vulnerabilities:

- An out-of-bounds read flaw in the 'xmlParseEndTag2()' function in 'parser.c' is triggered when parsing an end tag. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- An out-of-bounds read flaw in the 'xmlNextChar()' function in 'parserInternals.c' is triggered when parsing characters in an XML file. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- An overflow condition in the 'htmlParseName()' and 'htmlParseNameComplex()' functions of 'HTMLparser.c' is triggered as user-supplied input is not properly validated when parsing characters in a range. With a specially crafted file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
- An integer overflow condition in the 'xmlParse3986Port()' function in 'uri.c' is triggered as user-supplied input is not properly validated when handling port numbers in the URL. This may allow a context-dependent attacker to have an unspecified impact.
- An out-of-bounds under-read flaw in the 'xmlParseConditionalSections()' and 'xmlParseElementDecl()' functions in 'parser.c' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- A format string flaw in multiple functionalities is triggered as string format specifiers (e.g. %s and %x) are not properly used. This may allow a context-dependent attacker to potentially execute arbitrary code or cause a denial of service in a process linked against the library.
- An out-of-bounds read flaw in the 'PairPosFormat1::sanitize()' function in 'hb-ot-layout-gpos-table.hh' may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- A flaw in 'PPAPI' is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox.
- A flaw in 'web/web_state/ui/crw_web_controller.mm' is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks.
- A use-after-free error related to extensions may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An array indexing error in the 'ByteArray::Get()' function in 'data/byte_array.cc' is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code.
- A flaw in 'web/ChromeClientImpl.cpp' is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy.
- A flaw in 'core/loader/FrameLoader.

Solution

Update the Chrome browser to 52.0.2743.82 or later.

See Also

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

https://codereview.chromium.org/2010803004

Plugin Details

Severity: Critical

ID: 9480

Family: Web Clients

Published: 8/12/2016

Updated: 3/6/2019

Nessus ID: 92629

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 5/23/2016

Vulnerability Publication Date: 5/23/2016

Reference Information

CVE: CVE-2016-5131, CVE-2016-1833, CVE-2016-1838, CVE-2016-1839, CVE-2016-4447, CVE-2016-4448, CVE-2015-8947, CVE-2016-1695, CVE-2016-1705, CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1707

BID: 90864, 90856, 92039