Detections
Analytics

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

high Nessus Plugin ID 82825

Language:

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities :

 - A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)

 - A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)

 - A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)

 - An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)

 - An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents.
 (CVE-2015-1240)

 - An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)

 - A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)

 - A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication.
 (CVE-2015-1244)

 - A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling handling the 'Open PDF in Reader' bubble on navigations.
 An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)

 - An unspecified out-of-bounds read flaw exists in Blink.
 An attacker can exploit this to disclose memory contents. (CVE-2015-1246)

 - A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information.
 (CVE-2015-1247)

 - An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)

 - Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)

 - Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts.
 (CVE-2015-3333)

 - A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)

 - A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome 42.0.2311.90 or later.

See Also

http://www.nessus.org/u?72311cf0

Plugin Details

Severity: High

ID: 82825

File Name: google_chrome_42_0_2311_90.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 4/16/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-3335

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/14/2015

Vulnerability Publication Date: 4/14/2015

Reference Information

CVE: CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3335

BID: 72715, 74165, 74167, 74221, 74225