Lucene search

K
nessusTenable802027.PRM
HistorySep 06, 2016 - 12:00 a.m.

Chrome < 52.0.2743.82 Multiple Vulnerabilities

2016-09-0600:00:00
Tenable
www.tenable.com
23

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.106 Low

EPSS

Percentile

95.0%

The specific version of Chrome that the system is running is reportedly affected by the following vulnerabilities:

  • Google Chrome contains a flaw in PPAPI that is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2016-1706)

  • Google Chrome for iOS contains a flaw in web/web_state/ui/crw_web_controller.mm that is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (CVE-2016-1707)

  • Google Chrome contains a use-after-free error related to extensions that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
    (CVE-2016-1708)

  • Google sfntly contains an array indexing error in the ByteArray::Get() function in data/byte_array.cc that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-1709)

  • Google Chrome contains a flaw in web/ChromeClientImpl.cpp that is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1710)

  • Google Chrome contains a flaw in core/loader/FrameLoader.cpp that is triggered when handling frame navigations during DocumentLoader detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1711)

  • Google Chrome contains a use-after-free error in the previousLinePosition() function in core/editing/VisibleUnits.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5127)

  • Google V8 contains an unspecified flaw which may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (CVE-2016-5128)

  • Google V8 contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-5129)

  • Google Chrome contains a flaw in the HistoryController::UpdateForCommit() function in content/renderer/history_controller.cc. The issue is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (CVE-2016-5130)

  • Libxml2 contains a use-after-free error in the xmlXPtrRangeToFunction() function in xpointer.c. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5131)

  • Google Chrome contains a flaw related to Service Workers that is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (CVE-2016-5132)

  • Google Chrome contains a flaw related to proxy authentication that is triggere when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (CVE-2016-5133)

  • Google Chrome contains a flaw that is triggered as https:// URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (CVE-2016-5134)

  • Google Chrome contains a flaw in html/parser/HTMLPreloadScanner.cpp related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (CVE-2016-5135)

  • Google Chrome contains a use-after-free error in extensions/renderer/user_script_injector.cc that is triggered when handling UserScript pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. (CVE-2016-5136)

  • Google Chrome contains a flaw in the CSPSource::portMatches() function in frame/csp/CSPSource.cpp related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (CVE-2016-5137)

  • Google Chrome contains a flaw in the LayoutBox::removeFloatingOrPositionedChildFromBlockLists() function in core/layout/LayoutBox.cpp that is triggered when handling LayoutView floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

  • Google Chrome contains a flaw in the Resource::canUseCacheValidator() function in core/fetch/Resource.cpp that is triggered when revalidating Resource with redirects. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • Google Chrome contains a flaw in the Resource::willFollowRedirect() function in core/fetch/Resource.cpp that is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • Google Chrome contains a flaw in net/url_request/sdch_dictionary_fetcher.cc that is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • Google Chrome contains a flaw in the ShapeResultSpacing::computeSpacing() function in platform/fonts/shaping/ShapeResultSpacing.cpp that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

  • Google Chrome contains a flaw in the Channel::Message::Deserialize() function in mojo/edk/system/channel.cc that is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

  • Google Chrome contains an unspecified flaw in Font::individualCharacterRanges() function in platform/fonts/Font.cpp, which may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • Google WebRTC contains an out-of-bounds read flaw in the WebRtcIsacfix_PitchFilter() and WebRtcIsacfix_PitchFilterGains() functions in modules/audio_coding/codecs/isac/fix/source/pitch_filter.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1705)

  • Google Chrome contains a flaw in org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java that is due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (CVE-2016-1705)

  • Google Skia contains an integer overflow condition in the SkLinearGradient::LinearGradientContext::shade4_dx_clamp() function in effects/gradients/SkLinearGradient.cpp . The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • libvpx contains an invalid read flaw in the setup_frame_size_with_refs() function in vp9/decoder/vp9_decodeframe.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.

  • Google Chrome contains an unspecified flaw in extensions that is triggered during the handling of NativeMessaging IDs. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

  • Google Chrome contains an out-of-bounds read flaw in the HTMLMenuItemElement::defaultEventHandler() function in core/html/HTMLMenuItemElement.cpp that may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2016-1705)

  • Google Chrome contains an unspecified flaw in the GURL::ReplaceComponents() function in url/gurl.cc that is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-1705)

  • Google V8 contains an unspecified flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1705)

Binary data 802027.prm

References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.106 Low

EPSS

Percentile

95.0%