Google Chrome < 57.0.2987.98 Multiple Vulnerabilities

Critical | Nessus Network Monitor Plugin ID 9991

Synopsis

The remote host is running a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 57.0.2987.98 and is affected by multiple vulnerabilities:

- An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified, high-severity impact. No further details have been provided by the vendor.
- Integer overflow conditions exist in the 'TrackFragmentRun::Parse()' function in 'media/formats/mp4/box_definitions.cc' that are triggered when parsing track fragments in MP4 content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A use-after-free condition exists that is triggered because GuestView objects inherit their prototypes from the global JS object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in 'guest_view_internal_custom_bindings.cc' that is triggered when handling the GuestViewContainer pointer during a GuestView attach operation. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- An unspecified flaw exists in the XSS auditor that may allow a context-dependent attacker to disclose information. No further details have been provided by the vendor.
- A flaw exists in the 'Document::initContentSecurityPolicy()' function in 'dom/Document.cpp' that is triggered because documents with local schemes do not inherit the content security policy when opened via e.g. 'window.open()'. This may allow a context-dependent attacker to bypass the content security policy.
- A flaw exists in 'bindings/templates/interface_base.cpp.tmpl' that is triggered when handling author scripts interacting with 'Symbol.toPrimitive' properties of Location objects. This may allow a context-dependent attacker to disclose information.
- A flaw exists in the Omnibox address bar that may allow a context-dependent attacker to spoof an address. No further details have been provided by the vendor.
- An unspecified flaw exists in the Cast feature that is triggered when handling cookies. This may allow a context-dependent attacker to have an unspecified impact.
- A flaw exists in the 'SVGInlineTextBoxPainter::shouldPaintSelection()' function in 'paint/SVGInlineTextBoxPainter.cpp' that is triggered when painting selections and rendering a mask, clip-path, pattern, or feImage.

Solution

Update the Chrome browser to 57.0.2987.98 or later.
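The check this plugin performs reduces to a dotted-version comparison against the fixed release. The following Python is an added example, not the plugin's own NASL logic or Chromium project code: it parses Chrome version strings into integer tuples (a plain string comparison would wrongly treat "100.0.4896.60" as older than "57.0.2987.98"), pads short strings so "57.0.2987" is compared as "57.0.2987.0", rejects malformed values, and flags affected hosts in a constructed inventory list. The host names and versions in SAMPLE_HOSTS are made up for illustration.

```python
"""Version-based affected check for the Chrome < 57.0.2987.98 advisory.

Added example, not the Nessus plugin's own code. The fixed version comes
from the advisory above; everything else (host records, function names) is
constructed for illustration.
"""

# Version stated in the advisory as the first fixed release.
FIXED_VERSION = "57.0.2987.98"

# Constructed inventory records: (hostname, reported Chrome version).
SAMPLE_HOSTS = [
    ("ws-01", "56.0.2924.87"),     # last 56.x stable, affected
    ("ws-02", "57.0.2987.98"),     # exactly the fixed release, not affected
    ("ws-03", "57.0.2987.133"),    # later 57.x, not affected
    ("ws-04", "100.0.4896.60"),    # much newer, would be misflagged by string compare
    ("ws-05", "57.0.2987"),        # three-component string, treated as 57.0.2987.0
]


def parse_version(version: str, width: int = 4) -> tuple[int, ...]:
    """Turn 'a.b.c.d' into a tuple of ints, zero-padded to `width` components.

    Raises ValueError on anything that is not purely numeric dotted components,
    so suffixes such as '-beta' cannot silently compare as a valid version.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    if len(parts) > width:
        raise ValueError(f"too many components in version string: {version!r}")
    nums = [int(p) for p in parts]
    # Pad missing trailing components with 0 so '57.0.2987' < '57.0.2987.98'.
    nums.extend([0] * (width - len(nums)))
    return tuple(nums)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is strictly older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def affected_hosts(hosts: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the (hostname, version) records that still need the update."""
    return [(name, ver) for name, ver in hosts if is_affected(ver)]


if __name__ == "__main__":
    for name, ver in affected_hosts(SAMPLE_HOSTS):
        print(f"{name}: Chrome {ver} is prior to {FIXED_VERSION}, update required")
```

Tuple comparison is what makes the numeric ordering correct; if an inventory source reports versions with build suffixes, normalise or reject them before calling `is_affected` rather than loosening the parser.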

See Also

https://chromium.googlesource.com/chromium/src/+/90824416d3eeae5ec6013b250123df65e9d48032

Plugin Details

Severity: Critical

ID: 9991

Family: Web Clients

Published: 3/10/2017

Updated: 3/6/2019

Nessus ID: 97725

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 3/9/2017

Vulnerability Publication Date: 12/22/2016

Reference Information

CVE: CVE-2017-5033

BID: 96767