Google Chrome < 62.0.3202.62 Multiple Vulnerabilities

High | Nessus Network Monitor Plugin ID 700346

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 62.0.3202.62, and is affected by multiple vulnerabilities:

- A flaw exists in the 'JSNativeContextSpecialization::ExtractReceiverMaps()' function in 'compiler/js-native-context-specialization.cc' that is triggered when looking for root maps. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A use-after-free error exists in the CPDF_Document class that is triggered when parsing PDF documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A flaw exists in the download observer class that is triggered when handling downloaded items. This may allow a context-dependent attacker to have an unspecified impact.
- An out-of-bounds read flaw exists in the 'TextRunHarfBuzz::GetClusterAt()' function in 'ui/gfx/render_text_harfbuzz.cc' that is triggered when handling glyph maps. This may allow a context-dependent attacker to potentially disclose memory contents.
- A flaw exists in the 'AsmJs::InstantiateAsmWasm()' function in 'asmjs/asm-js.cc' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in 'devtools/front_end/inspector.html' that is triggered when handling DevTools links. This may allow a context-dependent attacker to disclose referrer information.
- An out-of-bounds read flaw exists related to the lcms fast floor function configuration. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- A use-after-free error exists in the content_shell component that is triggered when handling URLRequestContext object destruction. This may allow a context-dependent attacker to dereference already freed memory and have an unspecified impact.
- A flaw exists in the 'MarkupFormatter::AppendQuotedURLAttributeValue()' function in 'editing/serializers/MarkupFormatter.cpp' related to transparent removal of certain white-space characters in certain contexts of HTML elements. This may allow a context-dependent attacker to conduct a mutation cross-site scripting (mXSS) attack.
- A flaw exists that is triggered as it is possible for a renderer to send a ViewHostMsg_ShowValidationMessage request to display a form validation bubble over an omnibox. This may allow a context-dependent attacker to spoof web page contents.
- A race condition exists in 'frame_host/navigation_controller_impl.cc' that is triggered when handling frame navigations. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.
- An out-of-bounds access flaw exists that is triggered when handling trap handlers. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists as it does not properly limit certain problematic characters, e.g. dot above (U+0307), after certain characters before displaying them as Unicode. With a specially crafted IDN domain, a context-dependent attacker can spoof an omnibox address.
- An infinite loop condition exists in the 'DoReplaceSubstringsAfterOffset()' function template in 'base/strings/string_util.cc' that is triggered when handling specially crafted strings. This may allow a context-dependent attacker to cause the process to hang.
- An out-of-bounds read flaw exists in the 'nt::QueryRegValueSZ()' function in 'chrome_elf/nt_registry/nt_registry.cc' that is triggered when handling registry keys that are not NULL terminated. This may allow a local attacker to disclose potentially sensitive memory contents.

Solution

Upgrade to Chrome version 62.0.3202.62 or later.

See Also

http://www.nessus.org/u?441fea3d

Plugin Details

Severity: High

ID: 700346

Family: Web Clients

Published: 8/23/2018

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/13/2017

Vulnerability Publication Date: 4/19/2017

Reference Information

CVE: CVE-2017-5124

BID: 101482