Google Chrome < 46.0.2490.86 Multiple Vulnerabilities (Mac OS X)

critical Nessus Plugin ID 86855

Synopsis

The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Mac OS X host is prior to 46.0.2490.86. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the PDF viewer that allows an attacker to disclose sensitive information. (CVE-2015-1302)

- A type confusion error exists that allows an attacker to execute arbitrary code. (CVE-2015-7659)

- A security bypass vulnerability exists that allows an attacker to write arbitrary data to the file system under user permissions. (CVE-2015-7662)

- Multiple use-after-free vulnerabilities exist that allow an attacker to execute arbitrary code. (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046)

Solution

Upgrade to Google Chrome 46.0.2490.86 or later.

See Also

http://www.nessus.org/u?f6a84f7c

https://helpx.adobe.com/security/products/flash-player/apsb15-28.html

Plugin Details

Severity: Critical

ID: 86855

File Name: macosx_google_chrome_46_0_2490_86.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 11/11/2015

Updated: 11/20/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-8046

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/10/2015

Vulnerability Publication Date: 11/10/2015

Reference Information

CVE: CVE-2015-1302, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046