Google Chrome < 58.0.3029.81 Multiple Vulnerabilities (macOS)

high Nessus Plugin ID 99634

Synopsis

A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 58.0.3029.81. It is, therefore, affected by the following vulnerabilities:

- A type confusion error exists in PDFium in the CJS_Object::GetEmbedObject() function that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5057)

- A use-after-free error exists in Print Preview that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5058)

- A type confusion error exists in Blink due to improper handling of pseudo-elements in layout trees. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5059)

- A spoofing vulnerability exists in url_formatter.cc due to improper handling of Cyrillic letters in domain names. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5060)

- A flaw exists in the Omnibox component that is triggered because unloaded content may be rendered in a compositor frame after a navigation commit. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5061)

- A use-after-free error exists in the Apps component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5062)

- A heap-based buffer overflow condition exists in the Skia component in the spanSlowRate() function in SkLinearBitmapPipeline_sample.h due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5063)

- A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5064)

- A flaw exists in Blink due to a failure to properly close validation bubbles when uploading a document. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-5065)

- A flaw exists in the Networking component due to a failure to verify certificate chains that have mismatching signature algorithms. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5066)

- An unspecified flaw exists in the Omnibox component that allows an unauthenticated, remote attacker to spoof URLs. (CVE-2017-5067)

- A same-origin policy bypass vulnerability exists in the PingLoader::sendViolationReport() function in PingLoader.cpp due to improper handling of HTTP Content-Type headers in CSP or XSS auditor violation reports. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2017-5069)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 58.0.3029.81 or later.

See Also

http://www.nessus.org/u?d9ef6b47

https://www.xudongz.com/blog/2017/idn-phishing/

Plugin Details

Severity: High

ID: 99634

File Name: macosx_google_chrome_58_0_3029_81.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 4/24/2017

Updated: 11/13/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5064

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/19/2017

Vulnerability Publication Date: 1/25/2017

Reference Information

CVE: CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

BID: 97939