Google Chrome < 54.0.2840.59 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9687

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 54.0.2840.59, and is affected by multiple vulnerabilities:

- A use-after-free error in Internals may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An unspecified flaw may allow a context-dependent attacker to bypass schemes. No further details have been provided.
- An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided.
- A flaw in Bookmarks allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- An unspecified flaw in Blink may allow a context-dependent attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. No further details have been provided.
- An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided.
- A flaw in Blink allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A use-after-free error in Blink may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided.
- An overflow condition exists in Blink. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.
- A flaw in the display of drop-down menus may allow a context-dependent attacker to disguise user interface elements and conduct spoofing attacks.
- An out-of-bounds read flaw exists in DevTools. This may allow a context-dependent attacker to potentially disclose memory contents.
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, high severity impact. No further details have been provided by the vendor.
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor.
- An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp' that may allow a context-dependent attacker to have an unspecified, high severity impact.
- An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp'. This may allow a context-dependent attacker to have an unspecified, medium severity impact.
- A flaw exists in the 'FrameView::layoutOrthogonalWritingModeRoots()' function in 'frame/FrameView.cpp'. The issue is triggered when handling orthogonal writing mode roots with floating siblings. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in 'ui/views/website_settings/permission_prompt_impl.cc'. The issue is triggered when handling permission bubbles, as the default action is to accept them. With a specially crafted website performing timing attacks, a context-dependent attacker can obtain unintended permissions.
- An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor.

Solution

Update the Chrome browser to 54.0.2840.59 or later.

See Also

https://bugs.chromium.org/p/chromium/issues/detail?id=625698

https://bugs.chromium.org/p/chromium/issues/detail?id=654782

Plugin Details

Severity: High

ID: 9687

Family: Web Clients

Published: 2016/10/17

Updated: 2019/03/06

Nessus ID: 94137

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.1

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2016/10/12

Vulnerability Publication Date: 2016/10/12

Reference Information

CVE: CVE-2016-5181

BID: 93528