Google Chrome < 60.0.3112.78 Multiple Vulnerabilities

high Nessus Plugin ID 101980

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 60.0.3112.78. It is, therefore, affected by the following vulnerabilities:

- A use-after-free error exists in IndexedDB due to improper handling of cursors during transactions. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5091)

- A use-after-free error exists in the PPAPI component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5092)

- An unspecified flaw exists in Blink that is triggered when displaying JavaScript alerts in fullscreen mode. An unauthenticated, remote attacker can exploit this to spoof components in the user interface. (CVE-2017-5093)

- A type confusion error exists in the 'Extensions Bindings' component that is triggered when passing event filters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5094)

- An overflow condition exists in PDFium due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5095)

- An unspecified flaw exists related to 'Android intents' that allows an unauthenticated, remote attacker to disclose sensitive user information. (CVE-2017-5096)

- An out-of-bounds read error exists in Skia due to improper handling of verb arrays. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5097)

- A use-after-free error exists in Google V8 that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5098)

- An out-of-bounds write error exists in the PPAPI component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5099)

- A use-after-free error exists in the 'Chrome Apps' component that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5100)

- Multiple unspecified flaws exist in the OmniBox component that allow an unauthenticated, remote attacker to spoof URLs in the address bar. (CVE-2017-5101, CVE-2017-5105)

- Multiple uninitialized memory use flaws exist in Skia that allow an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5102, CVE-2017-5103)

- Multiple unspecified flaws exist that allow an unauthenticated, remote attacker to spoof components in the user interface. (CVE-2017-5104, CVE-2017-5109)

- A flaw exists in OmniBox that is triggered when domain names containing arbitrary Cyrillic letters are rendered in the address bar. An unauthenticated, remote attacker can exploit this, via a specially crafted domain name, to spoof the URL in the address bar. (CVE-2017-5106)

- A flaw exists in the SVG filters component due to improper handling of floating point multiplication. An unauthenticated, remote attacker can exploit this, via a timing attack, to extract sensitive user information. (CVE-2017-5107)

- A type confusion error exists in Google V8 that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5108)

- An unspecified flaw exists in the Payments dialog that allows an unauthenticated, remote attacker to spoof components in the user interface. (CVE-2017-5110)

- A type confusion error exists in SQLite due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-7000)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 60.0.3112.78 or later.

See Also

http://www.nessus.org/u?36f62a15

Plugin Details

Severity: High

ID: 101980

File Name: google_chrome_60_0_3112_78.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 7/26/2017

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-7000

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 7/25/2017

Vulnerability Publication Date: 2/27/2017

Reference Information

CVE: CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000

BID: 99950