
Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

Medium

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 56.0.2924.76, and is affected by multiple vulnerabilities:

- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the program does not properly suspend pages that are closing, but not yet fully closed. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150936)
- A flaw exists in the 'Document::shutdown()' function in 'dom/Document.cpp' that allows a UXSS attack. This flaw exists because the program does not properly clear the owner's widget for a frame. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150937)
- A flaw exists in the 'compileAndRunPrivateScript()' function in 'bindings/core/v8/PrivateScriptRunner.cpp' that allows a UXSS attack. This flaw exists because the program does not properly protect private scripts. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150938)
- A flaw exists in 'css/FontFace.cpp' that allows a UXSS attack. This flaw exists because the program does not properly handle FontFace objects. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150939)
- A flaw exists in Devtools related to front-end URL handling. This may allow a context-dependent attacker to gain unauthorized access to files. (OSVDB 150940)
- A flaw exists in the 'Browser::ShouldFocusLocationBarByDefault()' function in 'ui/browser.cc' that is triggered when handling NTP navigations in non-selected tabs. This may allow a context-dependent attacker to spoof the address. (OSVDB 150943)
- An unspecified flaw exists in Omnibox that may allow a context-dependent attacker to spoof the address. No further details have been provided. (OSVDB 150944)
- A flaw exists in the 'HTMLFormControlElement::updateVisibleValidationMessage()' function in 'html/HTMLFormControlElement.cpp' related to the form validation bubble being displayed for invisible pages. This may allow a context-dependent attacker to spoof the UI. (OSVDB 150945)
- An unspecified uninitialized memory access flaw exists in 'webm video' that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (OSVDB 150947)
- A type confusion flaw exists in the histogram collector feature that is triggered when handling serialised histograms. This may allow a context-dependent attacker to crash the browser. (OSVDB 150948)
- A use-after-free error exists in the 'RenderFrameImpl::OnBeforeUnload()' function in 'content/renderer/render_frame_impl.cc'. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150951)
- An unspecified use-after-free error exists in Extensions that may allow a context-dependent attacker to dereference already freed memory and have an unspecified impact. No further details have been provided. (OSVDB 150952)
- An unspecified flaw exists in 'frame/csp/ContentSecurityPolicy.cpp' that may allow a context-dependent attacker to bypass the content security policy (CSP). No further details have been provided. (OSVDB 150953)
- An unspecified flaw exists that may allow a context-dependent attacker to spoof the UI. No further details have been provided. (OSVDB 150954)
- A flaw exists that allows a UXSS attack. This flaw exists because the app launcher does not properly validate a certain URL parameter before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150966)
- A flaw exists in Blink that allows a UXSS attack. This flaw exists because the program does not properly validate input related to 'chrome://downloads' before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 150967)
- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 150977, OSVDB 150978, OSVDB 150980, OSVDB 150981, OSVDB 150982, OSVDB 150983, OSVDB 150984, OSVDB 150985, OSVDB 150987, OSVDB 150988, OSVDB 150989)
- A flaw exists in the 'MacroExpander::lex()' function in 'compiler/preprocessor/MacroExpander.cpp' that is triggered as certain input is not properly validated when handling macro tokens. This may allow a context-dependent attacker to corrupt memory, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (OSVDB 150979)
- A type confusion flaw exists that is triggered when handling the UA shadow DOM. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 150986)
- A flaw exists in 'platform/WebTaskRunner.cpp' related to missing thread safety. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 150990)
- A flaw exists related to the component cloud policy not performing signature validation. This may allow an attacker to have an unspecified impact. (OSVDB 150991)
- A flaw exists in the 'objectIsRelayoutBoundary()' function in 'layout/LayoutObject.cpp' that is triggered when handling relayouts of an inline layout. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 150993)
- A flaw exists in the 'setScriptableObjectProperty()' function template in 'bindings/core/v8/custom/V8HTMLPlugInElementCustom.cpp' that is triggered when intercepting writes to plugin objects. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 150995)
- A flaw exists in the Pepper Plugin API (PPAPI) that is triggered when handling files that are writable by a plugin. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 150996)

Solution

Update the Chrome browser to 56.0.2924.76 or later.