
Google Chrome < 47.0.2526.73 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 47.0.2526.73 and is affected by multiple vulnerabilities:

- An out-of-bounds access error exists in Google V8 that is triggered when loading array elements. An attacker can exploit this to have an unspecified impact. (CVE-2015-6764)
- A use-after-free error exists that is triggered when handling updates. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6765)
- A use-after-free error exists in AppCache that is triggered when handling updates. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6766)
- A use-after-free error exists in the 'OnChannelConnected()' function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6767)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when handling 'javascript:' URI document navigations during page dismissal events. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6768)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when committing a provisional load and handling the window proxy. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6769)
- A same-origin bypass vulnerability exists due to a flaw in DOM. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6770)
- An out-of-bounds access error exists in Google V8 related to Map and Filter array construction. An attacker can exploit this to have an unspecified impact. (CVE-2015-6771)
- A same-origin bypass vulnerability exists due to a flaw that is triggered when navigating to a 'javascript:' URI and detaching the document. An attacker can exploit this to bypass the same-origin policy. (CVE-2015-6772)
- An out-of-bounds access error exists in Google Skia related to the handling of rows. An attacker can exploit this to have an unspecified impact. (CVE-2015-6773)
- A use-after-free error exists in the 'GetLoadTimes()' function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6774)
- A type confusion error exists in Google PDFium. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-6775)
- A heap-based overflow condition exists in OpenJPEG in the 'opj_dwt_decode()' function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-6776)
- A use-after-free error exists in the 'notifyNodeInsertedInternal()' function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6777)
- An out-of-bounds access error exists in Google PDFium. An attacker can exploit this to have an unspecified impact. (CVE-2015-6778)
- A security bypass vulnerability exists in Google PDFium due to improper restriction of certain URLs (e.g., working links to 'chrome://' are allowed). An attacker can exploit this to bypass intended access restrictions. (CVE-2015-6779)
- A use-after-free error exists that is triggered when handling the origin info bubble. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6780)
- An integer overflow condition exists in Google sfntly due to improper validation of user-supplied input. An attacker can exploit this to have an unspecified impact. (CVE-2015-6781)
- A content spoofing vulnerability exists due to a flaw in the 'Document::open()' function that is triggered when handling page dismissal events. An attacker can exploit this to spoof omnibox content. (CVE-2015-6782)
- A security bypass vulnerability exists in Google Android Crazy Linker that is triggered when searching for the zip EOCD record signature. An attacker can exploit this to bypass signature validation. (CVE-2015-6783)
- A flaw exists that is triggered as '--' in the page URL is not escaped by the page serializer when saving pages. An attacker can exploit this to inject text that is treated as HTML content. (CVE-2015-6784)
- A security bypass vulnerability exists that is triggered when matching Content Security Policy (CSP) source lists containing wildcards. An attacker can exploit this to bypass CSP restrictions. (CVE-2015-6785)
- A security bypass vulnerability exists due to a flaw that is triggered when matching 'data:', 'blob:', and 'filesystem:' URIs against wildcards. An attacker can exploit this to bypass CSP restrictions. (CVE-2015-6786)
- Multiple unspecified flaws exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-6787)
- Multiple unspecified vulnerabilities in Google V8 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-8478)
- Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in 'media/audio/audio_output_device.cc' allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device. (CVE-2015-8479)
- The VideoFramePool::PoolImpl::CreateFrame function in 'media/base/video_frame_pool.cc' does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in 'libavcodec/vp3dsp.c' in FFmpeg. (CVE-2015-8480)

Solution

Update the Chrome browser to 47.0.2526.73 or later.