Google Chrome < 48.0.2564.109 Multiple Vulnerabilities

The version of Google Chrome on the remote host is prior to 48.0.2564.109 and is affected by the following vulnerabilities :

• An unspecified flaw exists in the extensions component which may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1622)
• A flaw exists in ‘loader/FrameLoader.cpp’ that is triggered when handling attachment of child frames during frame detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1623)
• A flaw exists in a pointer underflow condition in the ‘ProcessCommandsInternal()’ function in ‘dec/decode.c’ that is triggered when decoding literals. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1624)
• A flaw exists in the ‘SearchTabHelper::NavigateToURL()’ function in ‘ui/search/search_tab_helper.cc’. The issue is triggered as navigation is permitted to privileged URLs that should not be considered valid navigation targets. This may allow a context-dependent attacker to bypass intended navigation restrictions. (CVE-2016-1625)
• An out-of-bounds read flaw exists in the ‘opj_pi_update_decode_poc()’ function in ‘lib/openjp2/pi.c’. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1626)
• An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1627)