Google Chrome < 50.0.2661.102 Multiple Vulnerabilities (Mac OS X)

critical Nessus Plugin ID 91129

Synopsis

A web browser installed on the remote Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Mac OS X host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities :

- A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667)

- A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy.
(CVE-2016-1668)

- An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-1669)

- A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670)

- Multiple type confusion errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117)

- Multiple use-after-free errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121)

- A heap buffer overflow condition exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1101)

- An unspecified buffer overflow exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1103)

- Multiple memory corruption issues exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163)

- A flaw exists in the bundled version of Adobe Flash when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)

Solution

Upgrade to Google Chrome version 50.0.2661.102 or later.

See Also

http://www.nessus.org/u?ddef1fa8

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Plugin Details

Severity: Critical

ID: 91129

File Name: macosx_google_chrome_50_0_2661_102.nasl

Version: 1.17

Type: local

Agent: macosx

Published: 5/13/2016

Updated: 4/25/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-4117

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2016-4163

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2016

Vulnerability Publication Date: 5/11/2016

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

Metasploit (Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion)

Reference Information

CVE: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163

BID: 90505