Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 42.0.2311.135 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 42.0.2311.135 and is affected by the following vulnerabilities :

- A use-after-free condition in the 'MutationObserver::disconnect()' function in 'dom/MutationObserver.cpp'. The issue is triggered when iterating over a cloned set and attempting to unregister a MutationObserver registration already unregistered from the original set. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-1243)

- A flaw exists in 'media/audio/audio_parameters.cc' that is triggered when handling channel counts that do not match the channel layout. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists that is triggered when handling audio conversion with certain channel layouts. This may allow a context-dependent attacker to potentially execute arbitrary code.

- A flaw exists in the 'HTMLImportTreeRoot::recalcTimerFired()' function in 'html/imports/HTMLImportTreeRoot.cpp'. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.

- OpenJPEG as used in Google Chrome contains an integer overflow condition in the 'opj_j2k_update_image_data()' function in 'j2k.c' that is triggered when handling overly large image dimensions. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing an application linked against the library or potentially allow execution of arbitrary code. (CVE-2015-1250)

Solution

Upgrade to Google Chrome 42.0.2311.135 or later.