nessus Tenable 8778.PASL
History: Jun 15, 2015 - 12:00 a.m.

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

2015-06-15 00:00:00
Tenable
www.tenable.com

The version of Google Chrome on the remote host is prior to 42.0.2311.90 and is affected by the following vulnerabilities:

  • A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)

  • A cross-origin bypass vulnerability exists due to a flaw in ‘MediaElementAudioSourceNode.cpp’ when handling audio content. (CVE-2015-1236)

  • A use-after-free error exists in ‘render_frame_impl.cc’ due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)

  • An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)

  • An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240)

  • An unspecified tap-jacking flaw exists when certain tap events aren’t preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)

  • A type confusion error exists in the ReduceTransitionElementsKind() function in ‘hydrogen-check-elimination.cc’. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)

  • A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication. (CVE-2015-1244)

  • A use-after-free error exists in ‘open_pdf_in_reader_view.cc’ due to improper handling in the ‘Open PDF in Reader’ bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)

  • An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)

  • A flaw exists in the OnPageHasOSDD() function in ‘search_engine_tab_helper.cc’ due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information. (CVE-2015-1247)

  • An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)

  • Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)

  • Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts. (CVE-2015-3333)

  • A media permission handling weakness exists due to camera and microphone permissions being merged into a single ‘Media’ permission. An attacker can exploit this, via a specially crafted website, to turn on a victim’s camera while the victim believes camera access is prohibited. (CVE-2015-3334)

  • A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)

Vendor | Product | Version | CPE
google | chrome |  | cpe:/a:google:chrome