Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9594

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 53.0.2785.89, and is affected by multiple vulnerabilities :

- An unspecified use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An unspecified use-after-free error in 'Blink' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An unspecified flaw exists in 'Extensions' that may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor.
- A flaw in 'Blink' allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw in 'Blink' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- An unspecified flaw in 'Extensions' may allow a context-dependent attacker to bypass web accessible resources. No further details have been provided by the vendor.
- A flaw exists related to honoring of the 'web_accessible_resources' extension manifest field used to restrict web pages from accessing Extension resources. This may allow a context-dependent attacker to bypass intended restrictions.
- An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor.
- A flaw in 'DevTools' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A use-after-free error in 'Event Bindings' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
- An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
- An unspecified use-after-destruction error in 'Blink' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
- An unspecified flaw related to the usage of 'Save Page As' may allow a context-dependent attacker to conduct an SMB relay attack.

Solution

Update the Chrome browser to 53.0.2785.89 or later.

See Also

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

Plugin Details

Severity: High

ID: 9594

Family: Web Clients

Published: 9/30/2016

Updated: 3/6/2019

Nessus ID: 93316

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 8/31/2016

Vulnerability Publication Date: 6/23/2016

Reference Information

CVE: CVE-2016-5158, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167, CVE-2016-7395

BID: 92717