Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome OS < 43.0.2357.132 Multiple Vulnerabilities

Critical

Synopsis

The remote mobile host was detected using an outdated version of the Chrome OS.

Description

The version of Google Chrome OS on the remote mobile host is prior to 43.0.2357.132 and thus unpatched for the following vulnerabilities :

- A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123) - A flaw exists due to user-supplied input not being properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-5124) - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)

Solution

Update Chrome OS to version 43.0.2357.132 or later.