Google Chrome < 41.0.2272.76 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8684

Synopsis

The remote host is utilizing a web browser that is outdated and thus unpatched for multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 41.0.2272.76 and is thus missing fixes for the following vulnerabilities :

- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

- Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-2238)

- Multiple unspecified security issues were reported after internal code audits and fuzzing. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1231)

- An out-of-bounds write flaw exists due to an array index error in the DispatchSendMidiData() function that occurs when handling a port index supplied by a renderer. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1232)

- Multiple out-of-bounds write errors exist in skia filters and media. (CVE-2015-1212, CVE-2015-1213, CVE-2015-1214, CVE-2015-1215)

- Multiple use-after-free errors exist in v8 bindings, DOM, GIF decoder, web databases, and service workers, which allow arbitrary code execution. (CVE-2015-1216, CVE-2015-1218, CVE-2015-1220, CVE-2015-1221, CVE-2015-1222, CVE-2015-1223)

- Multiple type confusion errors exist in v8 bindings that allow arbitrary code execution. (CVE-2015-1217, CVE-2015-1230)

- An integer overflow error exists in the WebGL that allows arbitrary code execution. (CVE-2015-1219)

- Multiple out-of-bounds read errors exist in VPXdecoder and PDFium that allow unauthorized access to information. (CVE-2015-1224, CVE-2015-1225)

- A validation error exists in the debugger. (CVE-2015-1226)

- Multiple uninitialized value errors exist in blink and rendering. (CVE-2015-1227, CVE-2015-1228)

- A cookie-injection vulnerability exists due to a failure to properly handle a 407 HTTP status code accompanied by a Set-Cookie header. (CVE-2015-1229)

- A security bypass flaw exists to allow spoofing due to improper interaction between the '1993 search' features and 'restore-from-disk RELOAD' transitions when Instant Extended mode is used. A remote attacker can exploit this flaw to spoof the address bar contents for a search-results page. (CVE-2015-2239)

Solution

Update the Chrome browser to 41.0.2272.76, or later.

See Also

http://www.nessus.org/u?dbe2503e,https://code.google.com/p/chromium/issues/detail?id=463349,https://www.smacktls.com/#freak

Plugin Details

Severity: High

ID: 8684

Family: Web Clients

Published: 4/9/2015

Updated: 3/6/2019

Nessus ID: 81648

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 3/3/2015

Vulnerability Publication Date: 3/3/2015

Reference Information

CVE: CVE-2015-0204

BID: 72901