Google Chrome < 46.0.2490.71 Multiple Vulnerabilities

Severity: High | Nessus Network Monitor Plugin ID 9016

Synopsis

The remote host is utilizing a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 46.0.2490.71 and is affected by multiple vulnerabilities:

- Google Chrome contains an unspecified high-severity flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2015-6763)
- Google Chrome contains a use-after-free error in 'service_worker/embedded_worker_instance.cc' that is triggered when handling 'EmbeddedWorkerInstance' startup sequence failures. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-6757)
- Google Chrome contains a flaw in the ContainerNode::parserInsertBefore() function in 'dom/ContainerNode.cpp' that is triggered when removing a specific child during reparenting. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2015-6755)
- Google Chrome contains a flaw in the shouldTreatAsUniqueOrigin() function in 'weborigin/SecurityOrigin.cpp' that is triggered when handling the origin of a LocalStorage resource. This may allow a context-dependent attacker to disclose potentially sensitive information. (CVE-2015-6759)
- Google Chrome contains a flaw in the CSSFontFaceSrcValue::fetch() function in 'css/CSSFontFaceSrcValue.cpp' that is triggered when handling CSS fonts. This may allow a context-dependent attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. (CVE-2015-6762)
- Google V8 contains a use-after-free error in the SlotsBuffer::RemoveInvalidSlots() function in 'heap/mark-compact.cc'. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-7834)
- Google PDFium contains a use-after-free error in the CPDFSDK_Annot::GetPDFAnnot() function. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-6768)
- Google PDFium contains a type-casting flaw in the CPDF_Document::GetPage() function in 'fpdfapi/fpdf_parser/fpdf_parser_document.cpp'. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-6758)
- ANGLE contains a flaw in the Image11::map() function in 'libANGLE/renderer/d3d/d3d11/Image11.cpp' that is triggered when handling mapping failures after device-lost events. This may allow a context-dependent attacker to have an unspecified impact in an application linked against the library. (CVE-2015-6760)
- FFmpeg contains a race condition in the update_dimensions() function in 'libavcodec/vp8.c'. The issue is triggered when handling multi-threaded operations based on the coefficient-partition count. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-6761)

Solution

Update the Chrome browser to 46.0.2490.71 or later.

See Also

http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 9016

Family: Web Clients

Published: 12/4/2015

Updated: 3/6/2019

Nessus ID: 86381

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/13/2015

Vulnerability Publication Date: 7/23/2015

Reference Information

CVE: CVE-2015-6755

BID: 77071