Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is prior to 53.0.2785.89, and is affected by multiple vulnerabilities :

• An unspecified use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
• An unspecified use-after-free error in ‘Blink’ may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
• An unspecified flaw exists in ‘Extensions’ that may allow a context-dependent attacker to inject scripts. No further details have been provided by the vendor.
• A flaw in ‘Blink’ allows a universal cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
• A flaw in ‘Blink’ allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
• An unspecified flaw in ‘Extensions’ may allow a context-dependent attacker to bypass web accessible resources. No further details have been provided by the vendor.
• A flaw exists related to honoring of the ‘web_accessible_resources’ extension manifest field used to restrict web pages from accessing Extension resources. This may allow a context-dependent attacker to bypass intended restrictions.
• An unspecified flaw may allow a context-dependent attacker to spoof the address bar. No further details have been provided by the vendor.
• A flaw in ‘DevTools’ allows a universal XSS attack. This flaw exists because the program does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
• A use-after-free error in ‘Event Bindings’ may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
• An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
• An overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
• An unspecified use-after-destruction error in ‘Blink’ may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
• An unspecified flaw related to the usage of ‘Save Page As’ may allow a context-dependent attacker to conduct an SMB relay attack.