Google Chrome for Android < 54.0.2840.85 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9791

Synopsis

The remote mobile host is affected by multiple attack vectors.

Description

The version of Google Chrome for Android on the remote mobile host is prior to 54.0.2840.85 and is affected by multiple vulnerabilities:

- An unspecified flaw exists that may allow a context-dependent attacker to gain access to cross-origin data. No further details have been provided. (CVE-2016-5196)
- A flaw exists because the program fails to validate (e.g. via a whitelist) content intents sent when the user taps on an address, email address, or phone number. This may allow a context-dependent attacker to open arbitrary intent schemes. (CVE-2016-5197)

Solution

Update Chrome for Android to version 54.0.2840.85 or later.

See Also

https://googlechromereleases.blogspot.com/2016/10/chrome-for-android-update_31.html

Plugin Details

Severity: Medium

ID: 9791

File Name: 9791.prm

Published: 2016/11/18

Modified: 2016/11/18

Dependencies: 8092

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 3.6

Temporal Score: 3.4

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:google:chrome_os

Patch Publication Date: 2016/10/31

Vulnerability Publication Date: 2016/10/26

Reference Information

CVE: CVE-2016-5196, CVE-2016-5197

BID: 76476

OSVDB: 146779, 146780