
Google Chrome < 57.0.2987.98 Multiple Vulnerabilities

Critical

Synopsis

The remote host is utilizing a web browser that is affected by multiple attack vectors.

Description

The version of Google Chrome installed on the remote host is prior to 57.0.2987.98, and is affected by multiple vulnerabilities:

- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified, high severity impact. No further details have been provided by the vendor. (OSVDB 153329)
- Integer overflow conditions exist in the 'TrackFragmentRun::Parse()' function in 'media/formats/mp4/box_definitions.cc' that are triggered when parsing track fragments in MP4 content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153332)
- A use-after-free condition exists that is triggered as GuestView objects inherit the prototypes from the global JS object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153334)
- A use-after-free error exists in 'guest_view_internal_custom_bindings.cc' that is triggered when handling the GuestViewContainer pointer during a GuestView attach operation. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153335)
- An unspecified flaw exists in the XSS auditor that may allow a context-dependent attacker to disclose information. No further details have been provided by the vendor. (OSVDB 153336)
- A flaw exists in the 'Document::initContentSecurityPolicy()' function in 'dom/Document.cpp' that is triggered as local schemes do not inherit the content security policy when using e.g. 'window.open()'. This may allow a context-dependent attacker to bypass the content security policy. (OSVDB 153337)
- A flaw exists in 'bindings/templates/interface_base.cpp.tmpl' that is triggered when handling author scripts interacting with 'Symbol.toPrimitive' properties of Location objects. This may allow a context-dependent attacker to disclose information. (OSVDB 153340)
- A flaw exists in the Omnibox address bar that may allow a context-dependent attacker to spoof an address. No further details have been provided by the vendor. (OSVDB 153341)
- An unspecified flaw exists in the Cast feature that is triggered when handling cookies. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153342)
- A flaw exists in the 'SVGInlineTextBoxPainter::shouldPaintSelection()' function in 'paint/SVGInlineTextBoxPainter.cpp' that is triggered when painting selections and rendering a mask, clip-path, pattern, or feImage. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153343)
- A flaw exists that is triggered as wrapper objects are shared across window contexts when handling InputDeviceCapabilities objects. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153344)
- A flaw exists in the 'DOMWindow' class in 'frame/DOMWindow.cpp' that is triggered as wrappers for external APIs are shared between window contexts. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153345)
- A use-after-free condition exists in the handling of ShaderDiskCache entries in 'gpu/ipc/host/shader_disk_cache.cc' that is triggered when deleting an entry before the backend has finished opening the entry. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153346)
- A flaw exists in 'layout/FloatingObjects.cpp' that is triggered when handling the 'shouldPaint' property in the 'FloatingObject' class. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153347)
- A flaw exists in a 'TraceInCollectionTrait' class template in 'TraceTraits.h' that is triggered when handling container sizes during HeapVectorBacking tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153348)
- A flaw exists in the 'NavigationControllerImpl::RendererDidNavigateToExistingPage()' function in 'navigation_controller_impl.cc' that is triggered when handling data from the renderer process. This may allow a context-dependent attacker to have an unspecified impact on the security UI. (OSVDB 153349)
- A race condition exists that is triggered as the 'PlayStateUpdateScope' destructor resolves promises synchronously inside a forbidden scope. This may allow a context-dependent attacker to execute script code in a forbidden scope. (OSVDB 153350)
- A flaw exists that is triggered when handling 'childBrowsingContexts' upon named window access. This may allow a context-dependent attacker to have an unspecified impact on the same-origin restriction. (OSVDB 153353)
- A flaw exists related to the sandbox Content Security Policy that is triggered when web content is being loaded. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153354)
- A flaw exists in the handling of timeout limits for foreign fetch events that are triggered by another service worker. This may allow a context-dependent attacker to have an unspecified impact. (OSVDB 153386)

Solution

Update the Chrome browser to 57.0.2987.98 or later.