Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9594

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 53.0.2785.89, and is affected by multiple vulnerabilities :

 - An unspecified use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified use-after-free error in 'Blink' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'Extensions' that may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor.
 - A flaw in 'Blink' allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw in 'Blink' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - An unspecified flaw in 'Extensions' may allow a context-dependent attacker to bypass web accessible resources. No further details have been provided by the vendor.
 - A flaw exists related to honoring of the 'web_accessible_resources' extension manifest field used to restrict web pages from accessing Extension resources. This may allow a context-dependent attacker to bypass intended restrictions.
 - An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor.
 - A flaw in 'DevTools' allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A use-after-free error in 'Event Bindings' may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
 - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
 - An unspecified use-after-destruction error in 'Blink' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
 - An unspecified flaw related to the usage of 'Save Page As' may allow a context-dependent attacker to conduct an SMB relay attack. No further details have been provided by the vendor.
 - An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
 - An unspecified flaw in 'DevTools' may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor.
 - A type confusion flaw in the 'StylePropertySerializer' class in 'Blink' is triggered when a context-dependent attacker manipulates a document's elements. This may allow the attacker to disclose unspecified information which may be used in conjunction with other vulnerabilities to potentially execute arbitrary code.
 - An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor.
 - An unspecified issue may allow a context-dependent attacker to have an unspecified, medium severity, impact. No further details have been provided.
 - An unspecified flaw in 'svg/graphics/SVGImage.cpp' is triggered during the handling of timers. This may allow a context-dependent attacker to have an unspecified impact.
 - An unspecified flaw in the 'VTVideoDecodeAccelerator::ReusePictureBuffer()' function in 'media/gpu/vt_video_decode_accelerator_mac.cc' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
 - An unspecified flaw is triggered during the handling of blob storage files. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
 - An out-of-bounds read flaw in the 'GetWasmFunctionNameFromTable()' function in 'wasm/wasm-function-name-table.cc' may allow a context-dependent attacker to gain access to sensitive information in the memory.
 - A use-after-free error exists in the 'CJS_Timer::TimerProc()' function in 'fpdfsdk/javascript/JS_Object.cpp'. The issue may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified flaw in the 'ResourceFetcher::determineRevalidationPolicy()' function in 'fetch/ResourceFetcher.cpp' may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
 - An unspecified flaw in the Mac Omnibox is triggered during the handling of URLs. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.
 - An unspecified flaw in the safe browsing feature may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.
 - An unspecified flaw in the 'shouldUpdateLayoutByReattaching()' function in 'dom/Text.cpp' is triggered during the handling of layout trees related to first-letter pseudo elements. This may allow a context-dependent attacker to have an unspecified impact.
 - An unspecified high severity flaw may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.
 - A flaw in the 'winding_mono_cubic()' and 'tangent_cubic()' functions in 'core/SkPath.cpp' may allow a context-dependent attacker to cause an assertion and crash a process linked against the library.

Solution

Update the Chrome browser to 53.0.2785.89 or later.

See Also

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

Plugin Details

Severity: High

ID: 9594

Family: Web Clients

Published: 2016/09/30

Updated: 2019/03/06

Dependencies: 4645

Nessus ID: 93315, 93316

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 6.2

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2016/08/31

Vulnerability Publication Date: 2016/06/23

Reference Information

CVE: CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5158, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167, CVE-2016-7395

BID: 92717