Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

High | Nessus Network Monitor Plugin ID 8778

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 42.0.2311.90 and is affected by the following vulnerabilities:

- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)

- A cross-origin bypass vulnerability exists due to a flaw in 'MediaElementAudioSourceNode.cpp' when handling audio content. (CVE-2015-1236)

- A use-after-free error exists in 'render_frame_impl.cc' due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)

- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)

- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240)

- An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps across pages and across domains. (CVE-2015-1241)

- A type confusion error exists in the ReduceTransitionElementsKind() function in 'hydrogen-check-elimination.cc'. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)

- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication. (CVE-2015-1244)

- A use-after-free error exists in 'open_pdf_in_reader_view.cc' due to improper handling in the 'Open PDF in Reader' bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)

- An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)

- A flaw exists in the OnPageHasOSDD() function in 'search_engine_tab_helper.cc' due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information. (CVE-2015-1247)

- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)

- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)

- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts. (CVE-2015-3333)

- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)

- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)

Solution

Upgrade to Google Chrome 42.0.2311.90 or later.
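A version check that mirrors the decision this plugin makes, as an added example that is not Tenable's plugin code: it pulls the Chrome build out of a passively observed User-Agent header (a Network Monitor style of detection, assumed here) and compares it numerically against the fixed version 42.0.2311.90. The host addresses and headers are constructed sample data.

```python
import re
from typing import Optional

# Fixed version taken from the advisory's Solution section.
FIXED_VERSION = "42.0.2311.90"

# Chrome's self-reported version token in a User-Agent header, e.g. "Chrome/41.0.2272.118".
_UA_CHROME_RE = re.compile(r"\bChrome/(\d+(?:\.\d+){1,3})")


def parse_version(version: str) -> tuple:
    """Split '42.0.2311.90' into integer segments so the comparison is numeric."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_prior_to(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed, segment by segment; shorter versions are zero-padded.
    A plain string comparison is wrong here: "9.0.597.107" > "42.0.2311.90" as text."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def chrome_version_from_user_agent(user_agent: str) -> Optional[str]:
    """Extract the Chrome version from a User-Agent header seen on the wire.
    Returns None when there is no Chrome token. The token is client-supplied and
    is also sent by Chromium-based browsers, so treat a hit as a lead, not proof."""
    m = _UA_CHROME_RE.search(user_agent)
    return m.group(1) if m else None


def flag_vulnerable_hosts(observations: dict) -> list:
    """Map {host: user_agent} to a sorted list of (host, version) whose build predates the fix."""
    flagged = []
    for host, ua in observations.items():
        version = chrome_version_from_user_agent(ua)
        if version is not None and is_prior_to(version):
            flagged.append((host, version))
    return sorted(flagged)


# Constructed sample observations for a dry run (hosts and headers are made up).
SAMPLE_OBSERVATIONS = {
    "10.0.0.5": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
    "10.0.0.6": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36",
    "10.0.0.7": "Mozilla/5.0 (Windows NT 6.1; rv:37.0) Gecko/20100101 Firefox/37.0",
    "10.0.0.8": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/537.36",
}
```

Running `flag_vulnerable_hosts(SAMPLE_OBSERVATIONS)` reports 10.0.0.5 and 10.0.0.8; a naive string comparison would have missed the Chrome 9 host entirely.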

See Also

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

Plugin Details

Severity: High

ID: 8778

Family: Web Clients

Published: 6/15/2015

Updated: 3/6/2019

Nessus ID: 82825

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 4/14/2015

Vulnerability Publication Date: 4/14/2015

Reference Information

CVE: CVE-2015-1235

BID: 72715