Lucene search

K
kasperskyKaspersky LabKLA10636
HistoryJul 21, 2015 - 12:00 a.m.

KLA10636 Multiple vulnerabilities in Google Chrome

2015-07-2100:00:00
Kaspersky Lab
threats.kaspersky.com
28

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

Detect date:

07/21/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service or (and) obtain sensitive information via specially crafted JavaScript code, specially crafted web site, unspecified linear-time attack, crafted XML data, crafted PDF document and other unknown vectors.

Affected products:

Google Chrome versions earlier than 44.0.2403.89

Solution:

Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.

Original advisories:

Google Chrome blog post

Impacts:

ACE

Related products:

Google Chrome

CVE-IDS:

CVE-2015-12874.3Warning
CVE-2015-12886.8High
CVE-2015-12814.3Warning
CVE-2015-12784.3Warning
CVE-2015-12777.5Critical
CVE-2015-12807.5Critical
CVE-2015-12797.5Critical
CVE-2015-12826.8High
CVE-2015-12736.8High
CVE-2015-12727.5Critical
CVE-2015-12836.8High
CVE-2015-12847.5Critical
CVE-2015-12855.0Warning
CVE-2015-12767.5Critical
CVE-2015-12864.3Warning
CVE-2015-12754.3Warning
CVE-2015-12706.8High
CVE-2015-12897.5Critical
CVE-2015-12746.8High
CVE-2015-12716.8High

References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%