Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 50.0.2661.94 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 50.0.2661.94, and is affected by multiple vulnerabilities :

- An out-of-bounds write error exists in Blink that allows a context-dependent attacker to execute arbitrary code. (CVE-2016-1660) - A flaw exists due to improper validation of user-supplied input when handling cross-process frames. A context-dependent attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1661) - A use-after-free error exists in the extensions component. A context-dependent attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1662) - A use-after-free free error exists in Blink's V8 bindings. A context-dependent attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1663) - An unspecified flaw exists that allows a context-dependent attacker to spoof the address bar. (CVE-2016-1664) - An unspecified flaw exists in V8 that allows a context-dependent attacker to disclose sensitive information. (CVE-2016-1665) - Multiple unspecified vulnerabilities exist that allow a a context-dependent attacker to execute arbitrary code. (CVE-2016-1666)

Solution

Update the Chrome browser to 50.0.2661.94 or later.