Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

medium Nessus Plugin ID 96828

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 56.0.2924.76. It is, therefore, affected by the following vulnerabilities:

- A cross-site scripting (XSS) vulnerability exists in the Document::shutdown() function in dom/Document.cpp due to a failure to clear the owner's widget for a frame. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5006)

- A cross-site scripting (XSS) vulnerability exists in the Document::shutdown() function in dom/Document.cpp due to a failure to properly suspend pages that are closing, but not yet fully closed. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5007)

- A cross-site scripting (XSS) vulnerability exists in the compileAndRunPrivateScript() function in PrivateScriptRunner.cpp due to a failure to properly protect private scripts. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5008)

- An out-of-bounds read error exists in the UsingFlexibleMode() function in decoding_state.cc due to improper handling of frames marked as using flexible mode. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5009)

- A cross-site scripting (XSS) vulnerability exists in css/FontFace.cpp due to improper handling of FontFace objects. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5010)

- An information disclosure vulnerability exists in the Devtools component due to improper front-end URL handling. An unauthenticated, remote attacker can exploit this to disclose arbitrary files. (CVE-2017-5011)

- A heap buffer overflow condition exists in Google V8 in the SetupAllocatingData() function in objects.h that occurs when failing to allocate array buffer contents. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5012)

- A flaw exists in the ShouldFocusLocationBarByDefault() function in ui/browser.cc that is triggered when handling NTP navigations in non-selected tabs. An unauthenticated, remote attacker can exploit this to spoof the address. (CVE-2017-5013)

- A heap buffer overflow condition exists in Google Skia due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5014)

- An unspecified flaw exists in Omnibox that allows an unauthenticated, remote attacker to spoof the address. (CVE-2017-5015)

- A flaw exists in the updateVisibleValidationMessage() function in html/HTMLFormControlElement.cpp related to the form validation bubble being displayed for invisible pages. An unauthenticated, remote attacker can exploit this to spoof the UI. (CVE-2017-5016)

- An uninitialized memory access flaw exists in the webm video processing implementation that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5017)

- A cross-site scripting (XSS) vulnerability exists in the App Launcher component due to a failure to properly validate parameters. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5018)

- A use-after-free error exists in the OnBeforeUnload() function in render_frame_impl.cc. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5019)

- A cross-site scripting (XSS) vulnerability exists in Blink due to a failure to properly validate input related to chrome://downloads. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-5020)

- A use-after-free error exists in the Extensions component. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5021)

- A security bypass vulnerability exists in frame/csp/ContentSecurityPolicy.cpp that allows an unauthenticated, remote attacker to bypass the content security policy (CSP). (CVE-2017-5022)

- A type confusion flaw exists in the histogram collector feature that is triggered when handling serialized histograms. An unauthenticated, remote attacker can exploit this to crash the browser, resulting in a denial of service condition. (CVE-2017-5023)

- A heap buffer overflow condition exists in FFmpeg in the mov_read_uuid() function in libavformat/mov.c due to improper handling of overly long UUIDs. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5024)

- A heap buffer overflow condition exists in FFmpeg in the mov_read_hdlr() function in libavformat/mov.c due to improper validation of user-supplied input when handling titles. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5025)

- An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof the UI. (CVE-2017-5026)

- An unspecified flaw exists in Blink that allows an unauthenticated, remote attacker to bypass the content security policy. (CVE-2017-5027)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 56.0.2924.76 or later.

See Also

http://www.nessus.org/u?fcdefa5b

Plugin Details

Severity: Medium

ID: 96828

File Name: google_chrome_56_0_2924_76.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 1/27/2017

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5019

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 1/25/2017

Vulnerability Publication Date: 7/8/2016

Reference Information

CVE: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027

BID: 95792