Google Chrome < 63.0.3239.84 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700351

Synopsis

The remote host is running a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 63.0.3239.84, and is affected by multiple vulnerabilities:

- An out-of-bounds read flaw exists in the 'StoreFrame()' function in 'demux/demux.c' that is triggered when handling animated WebP images with small frames. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- A flaw exists related to cache storage. This may allow a context-dependent attacker to disclose service worker response sizes.
- An out-of-bounds read flaw exists that is triggered when rendering the P4_INTARRAY argument to the OP_IntegrityCk opcode in the output of EXPLAIN. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
- An out-of-bounds read flaw exists in 'net/dns/dns_transaction.cc' that is triggered when handling asynchronous DNS exchanges. With specially crafted DNS responses, a context-dependent attacker can potentially disclose memory contents.
- A flaw exists in the 'PreParser::RewriteCatchPattern()' function in 'parsing/preparser.h' that is triggered as catch variables are not properly handled during block function hoisting. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in the 'MediaElementEventListener::handleEvent()' function in 'modules/mediacapturefromelement/HTMLMediaElementCapture.cpp' that is triggered when handling media streams. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists that is triggered when handling calls to the 'Reflect.construct()' JavaScript method. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in 'chrome/android/java/src/org/chromium/chrome/browser/omnibox/UrlBar.java' and 'chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarPhone.java' that is triggered when handling omnibox URL eliding / positioning. This may allow a context-dependent attacker to conduct a spoofing attack.
- A type confusion flaw exists in the 'TranslatedState::CapturedObjectMaterializer()' function in 'deoptimizer.cc' that is triggered when mutable heap numbers are used in an object field. This may allow a context-dependent attacker to potentially execute arbitrary code.
- A flaw exists in 'chrome/browser/resources/chromeos/login/oobe_screen_terms_of_service.js' that is triggered as content from the web is loaded within the privileged WebUI process when displaying the Terms of Service text. This may allow a context-dependent attacker to potentially execute code with elevated privileges.
- An overflow condition exists in the 'InputScalesValid()' function in 'browser/themes/browser_theme_pack.cc' that is triggered as certain input is not properly validated when handling browser theme packs. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing to execute arbitrary code.
- A type confusion flaw exists in the 'AXARIAGrid::AddRow()' function in 'modules/accessibility/AXARIAGrid.cpp' that is triggered when handling table rows. This may allow a context-dependent attacker to execute arbitrary code.
- An overflow condition exists in 'core/fxcodec/codec/fx_codec_jpx_opj.cpp' that is triggered because the OpenJPEG allocation and free functions are used inconsistently when decoding JPX images in PDF documents. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing to execute arbitrary code.

Solution

Upgrade to Chrome version 63.0.3239.84 or later.
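The check this plugin describes is a version comparison: any Chrome build strictly older than 63.0.3239.84 is flagged. The example below is added here as an illustration and is not Tenable's plugin code; it shows the comparison done on numeric components rather than on the string, because string comparison gets builds such as 63.0.3239.9 wrong (it sorts after 63.0.3239.84 as text but is the older build). The function names, the User-Agent extraction helper and the sample User-Agent lines are constructed for this example.

```python
import re

# Fixed build from the advisory above.
FIXED_VERSION = "63.0.3239.84"


def parse_version(version):
    """Split a dotted Chrome version string into a tuple of integers.

    Comparing the string form lexicographically is wrong: "63.0.3239.9"
    sorts after "63.0.3239.84" as text but is the older build.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when `installed` is strictly older than `fixed`.

    Tuple comparison also handles versions of different length:
    (63, 0) < (63, 0, 3239, 84), so a bare "63.0" is still flagged.
    """
    return parse_version(installed) < parse_version(fixed)


# Chrome advertises its build as "Chrome/<ver>" in the User-Agent header.
_CHROME_UA = re.compile(r"\bChrome/(\d+(?:\.\d+)*)")


def version_from_user_agent(ua):
    """Extract the Chrome build from a User-Agent header, or None if absent."""
    m = _CHROME_UA.search(ua)
    return m.group(1) if m else None


def check_user_agent(ua):
    """Return (version, vulnerable) for a UA, or (None, None) if it is not Chrome."""
    ver = version_from_user_agent(ua)
    if ver is None:
        return None, None
    return ver, is_vulnerable(ver)


if __name__ == "__main__":
    # Constructed sample User-Agent lines, not captured traffic.
    samples = [
        "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
        "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.9 Safari/537.36",
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Safari/605.1.15",
    ]
    for ua in samples:
        print(check_user_agent(ua))
```

A passive check on User-Agent strings is only an approximation of what the plugin does: other Chromium-based browsers also send a "Chrome/" token, and a client can set any User-Agent it likes, so a match is a lead to confirm against the installed binary rather than proof of the build.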

See Also

http://www.nessus.org/u?98a7b4bd

Plugin Details

Severity: High

ID: 700351

Family: Web Clients

Published: 8/23/2018

Updated: 3/6/2019

Nessus ID: 106486

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/5/2017

Vulnerability Publication Date: 10/5/2017

Reference Information

CVE: CVE-2017-15407

BID: 102098