Detections
Analytics

Google Chrome < 54.0.2840.59 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9687

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 54.0.2840.59, and is affected by multiple vulnerabilities :

 - A use-after-free error in Internals may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified flaw may allow a context-dependent attacker to bypass schemes. No further details have been provided.
 - An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided.
 - A flaw in Bookmarks allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - An unspecified flaw in Blink may allow a context-dependent attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. No further details have been provided.
 - An unspecified flaw may allow a context-dependent attacker to spoof URLs. No further details have been provided.
 - A flaw in Blink allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A use-after-free error in Blink may allow a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. No further details have been provided.
 - An overflow condition exists in Blink. The issue is triggered as certain input is not properly validated. This may allow a context-dependent buffer overflow, potentially allowing the execution of arbitrary code.
 - A flaw in the display of drop-down menus may allow a context-dependent attacker to disguise user interface elements and conduct spoofing attacks.
 - An out-of-bounds read flaw exists in DevTools. This may allow a context-dependent attacker to potentially disclose memory contents.
 - An unspecified flaw may allow a context-dependent attacker to have an unspecified, high severity impact. No further details have been provided by the vendor.
 - An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor.
 - An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp' that may allow a context-dependent attacker to have an unspecified, high severity impact.
 - An unspecified flaw exists in the 'SkConic::chopIntoQuadsPOW2()' function in 'core/SkGeometry.cpp'. This that may allow a context-dependent attacker to have an unspecified, medium severity impact.
 - A flaw exists in the 'FrameView::layoutOrthogonalWritingModeRoots()' function in 'frame/FrameView.cpp'. The issue is triggered when handling orthogonal writing mode roots with floating siblings. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw exists in 'ui/views/website_settings/permission_prompt_impl.cc'. The issue is triggered when handling permission bubbles, as the default action is to accept them. With a specially crafted website performing timing attacks, a context-dependent attacker can obtain unintended permissions.
 - An unspecified flaw may allow a context-dependent attacker to have an unspecified, medium severity impact. No further details have been provided by the vendor.

Solution

Update the Chrome browser to 54.0.2840.59 or later.

See Also

https://bugs.chromium.org/p/chromium/issues/detail?id=625698,https://bugs.chromium.org/p/chromium/issues/detail?id=654782

Plugin Details

Severity: High

ID: 9687

Family: Web Clients

Published: 10/17/2016

Updated: 3/6/2019

Nessus ID: 94137

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/12/2016

Vulnerability Publication Date: 10/12/2016

Reference Information

CVE: CVE-2016-5181

BID: 93528