
Google Chrome < 48.0.2564.109 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome on the remote host is prior to 48.0.2564.109 and is affected by the following vulnerabilities:

- An unspecified flaw exists in the extensions component which may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1622)
- A flaw exists in 'loader/FrameLoader.cpp' that is triggered when handling attachment of child frames during frame detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1623)
- A pointer underflow condition exists in the 'ProcessCommandsInternal()' function in 'dec/decode.c' that is triggered when decoding literals. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1624)
- A flaw exists in the 'SearchTabHelper::NavigateToURL()' function in 'ui/search/search_tab_helper.cc'. The issue is triggered because navigation is permitted to privileged URLs that should not be considered valid navigation targets. This may allow a context-dependent attacker to bypass intended navigation restrictions. (CVE-2016-1625)
- An out-of-bounds read flaw exists in the 'opj_pi_update_decode_poc()' function in 'lib/openjp2/pi.c'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1626)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1627)

Solution

Update the Chrome browser to 48.0.2564.109 or later.