Google Chrome < 45.0.2454.85 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8854

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote Windows host is prior to 45.0.2454.85 and is affected by multiple vulnerabilities:

- A cross-origin bypass vulnerability exists due to a flaw in the 'ContainerNode::parserRemoveChild()' function in 'ContainerNode.cpp' wherein user scripts may unexpectedly run in 'onunload' handlers during Document Object Model (DOM) modification. A remote attacker can exploit this, via a specially crafted web page, to bypass cross-origin restrictions. (CVE-2015-1291)
- A cross-origin bypass vulnerability exists due to a flaw in the 'LocalDOMWindow::navigator()' function in 'LocalDOMWindow.cpp' wherein an incorrect navigator associated with a frame may be returned. A remote attacker can exploit this, via a specially crafted web page, to bypass cross-origin restrictions. (CVE-2015-1292)
- An unspecified cross-origin bypass vulnerability exists that allows a remote attacker, via a specially crafted web page, to bypass cross-origin restrictions. (CVE-2015-1293)
- A use-after-free error exists in the 'SkMatrix::invertNonIdentity()' function in 'SkMatrix.cpp'. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-1294)
- A use-after-free error exists in 'print_web_view_helper.cc' that is triggered when handling nested IPC handlers. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-1295)
- A spoofing vulnerability exists due to a flaw that is triggered when displaying a URL containing certain characters in an omnibox. A remote attacker can exploit this to include characters that may look like a padlock, spoofing a secure connection. (CVE-2015-1296)
- An unspecified flaw exists related to permission scoping as requests in an extension are not hidden from other extensions. (CVE-2015-1297)
- An unspecified URL handling issue exists as the URL to be opened after an extension is uninstalled is not restricted to HTTP and HTTPS. (CVE-2015-1298)
- A use-after-free error exists due to improper validation of user-supplied input. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-1299)
- An unspecified information disclosure vulnerability exists in Blink. (CVE-2015-1300)
- Multiple unspecified flaws exist that allow an attacker to have unspecified medium severity impact. (CVE-2015-1301)
- A flaw in Google V8 affects 'heap/heap.cc' when handling background tab heap growing. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2015-6580)
- The decompose function in 'platform/transforms/TransformationMatrix.cpp' in Blink does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. (CVE-2015-6582)
- A location bar is not displayed for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to 'browser.cc' and 'hosted_app_browser_controller.cc'. (CVE-2015-6583)
- OpenJPEG contains a double-free flaw in the 'opj_j2k_copy_default_tcp_and_create_tcp()' function in 'lib/openjp2/j2k.c'. This may allow a context-dependent attacker to crash an application linked against the library or potentially execute arbitrary code. This issue was originally reported as fixed in Google Chrome version 44.0.2403.89 as part of bug 459215. However, it was later reported as fixed in version 45.0.2454.85. (CVE-2015-1273, CVE-2015-1301, CVE-2015-6581)

Solution

Update the Chrome browser to version 45.0.2454.85 or later.

See Also

http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html

Plugin Details

Severity: High

ID: 8854

Family: Web Clients

Published: 9/8/2015

Updated: 3/6/2019

Nessus ID: 85743

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 9/1/2015

Vulnerability Publication Date: 9/3/2015

Reference Information

CVE: CVE-2015-1273