Google Chrome < 57.0.2987.133 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700054

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 57.0.2987.133 and is affected by multiple vulnerabilities:

- A bad cast flaw exists in the 'LayoutInline::absoluteVisualRect()' function in 'layout/LayoutInline.cpp' that may allow a context-dependent attacker to have an unspecified impact. (CVE-2017-5052)
- A use-after-free error exists in the 'PrintViewManager' class in 'printing/print_view_manager.cc' that is triggered when handling previews. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5055)
- A use-after-free error exists in 'Blink' that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5056)

Solution

Update the Chrome browser to 57.0.2987.133 or later.

See Also

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
https://chromereleases.googleblog.com/2017/03/stable-channel-updates-for-chrome-os_29.html
https://chromereleases.googleblog.com/2017/03/chrome-for-android-update_29.html

Plugin Details

Severity: High

ID: 700054

Family: Web Clients

Published: 4/10/2017

Updated: 3/6/2019

Nessus ID: 99137

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 3/29/2017

Vulnerability Publication Date: 3/29/2017

Reference Information

CVE: CVE-2017-5052

BID: 97220