Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9935

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 56.0.2924.76 and is therefore affected by multiple vulnerabilities:

- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the program does not properly suspend pages that are closing, but not yet fully closed. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.
- A flaw exists in the 'Document::shutdown()' function in 'dom/Document.cpp' that allows a UXSS attack. This flaw exists because the program does not properly clear the owner's widget for a frame. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.
- A flaw exists in the 'compileAndRunPrivateScript()' function in 'bindings/core/v8/PrivateScriptRunner.cpp' that allows a UXSS attack. This flaw exists because the program does not properly protect private scripts. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.
- A flaw exists in 'css/FontFace.cpp' that allows a UXSS attack. This flaw exists because the program does not properly handle FontFace objects. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.
- A flaw exists in Devtools related to front-end URL handling. This may allow a context-dependent attacker to gain unauthorized access to files.
- A flaw exists in the 'Browser::ShouldFocusLocationBarByDefault()' function in 'ui/browser.cc' that is triggered when handling NTP navigations in non-selected tabs. This may allow a context-dependent attacker to spoof the address.
- An unspecified flaw exists in Omnibox that may allow a context-dependent attacker to spoof the address. No further details have been provided.
- A flaw exists in the 'HTMLFormControlElement::updateVisibleValidationMessage()' function in 'html/HTMLFormControlElement.cpp' related to the form validation bubble being displayed for invisible pages. This may allow a context-dependent attacker to spoof the UI.
- An unspecified uninitialized memory access flaw exists in 'webm video' that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
- A type confusion flaw exists in the histogram collector feature that is triggered when handling serialised histograms. This may allow a context-dependent attacker to crash the browser.
- A use-after-free error exists in the 'RenderFrameImpl::OnBeforeUnload()' function in 'content/renderer/render_frame_impl.cc'.

Solution

Update the Chrome browser to 56.0.2924.76 or later.

See Also

https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html

Plugin Details

Severity: Medium

ID: 9935

Family: Web Clients

Published: 2/2/2017

Updated: 3/6/2019

Nessus ID: 96829

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 1/25/2017

Vulnerability Publication Date: 1/11/2017

Reference Information

CVE: CVE-2017-5006

BID: 95792