Google Chrome < 42.0.2311.135 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8779

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 42.0.2311.135 and is affected by the following vulnerabilities :

- A use-after-free condition in the 'MutationObserver::disconnect()' function in 'dom/MutationObserver.cpp'. The issue is triggered when iterating over a cloned set and attempting to unregister a MutationObserver registration already unregistered from the original set. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-1243)

- A flaw exists in 'media/audio/audio_parameters.cc' that is triggered when handling channel counts that do not match the channel layout. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists that is triggered when handling audio conversion with certain channel layouts. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists in the 'HTMLImportTreeRoot::recalcTimerFired()' function in 'html/imports/HTMLImportTreeRoot.cpp'. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.

- OpenJPEG as used in Google Chrome contains an integer overflow condition in the 'opj_j2k_update_image_data()' function in 'j2k.c' that is triggered when handling overly large image dimensions. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing an application linked against the library or potentially allow execution of arbitrary code. (CVE-2015-1250)

Solution

Upgrade to Google Chrome 42.0.2311.135 or later.

See Also

http://googlechromereleases.blogspot.ie/2015/04/stable-channel-update_28.html

Plugin Details

Severity: High

ID: 8779

Family: Web Clients

Published: 6/16/2015

Updated: 3/6/2019

Nessus ID: 83137

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 4/28/2015

Vulnerability Publication Date: 4/10/2015

Reference Information

CVE: CVE-2015-1243

BID: 74389