nessus, Tenable, 9935.PASL
Feb 02, 2017 - 12:00 a.m.

Google Chrome < 56.0.2924.76 Multiple Vulnerabilities

www.tenable.com

The version of Google Chrome installed on the remote host is prior to 56.0.2924.76, and is affected by multiple vulnerabilities:

  • A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the program does not properly suspend pages that are closing, but not yet fully closed. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and any website.
  • A flaw exists in the ‘Document::shutdown()’ function in ‘dom/Document.cpp’ that allows a UXSS attack. This flaw exists because the program does not properly clear the owner’s widget for a frame. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and any website.
  • A flaw exists in the ‘compileAndRunPrivateScript()’ function in ‘bindings/core/v8/PrivateScriptRunner.cpp’ that allows a UXSS attack. This flaw exists because the program does not properly protect private scripts. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and any website.
  • A flaw exists in ‘css/FontFace.cpp’ that allows a UXSS attack. This flaw exists because the program does not properly handle FontFace objects. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and any website.
  • A flaw exists in Devtools related to front-end URL handling. This may allow a context-dependent attacker to gain unauthorized access to files.
  • A flaw exists in the ‘Browser::ShouldFocusLocationBarByDefault()’ function in ‘ui/browser.cc’ that is triggered when handling NTP navigations in non-selected tabs. This may allow a context-dependent attacker to spoof the address.
  • An unspecified flaw exists in Omnibox that may allow a context-dependent attacker to spoof the address. No further details have been provided.
  • A flaw exists in the ‘HTMLFormControlElement::updateVisibleValidationMessage()’ function in ‘html/HTMLFormControlElement.cpp’ related to the form validation bubble being displayed for invisible pages. This may allow a context-dependent attacker to spoof the UI.
  • An unspecified uninitialized memory access flaw exists in ‘webm video’ that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.
  • A type confusion flaw exists in the histogram collector feature that is triggered when handling serialised histograms. This may allow a context-dependent attacker to crash the browser.
  • A use-after-free error exists in the ‘RenderFrameImpl::OnBeforeUnload()’ function in ‘content/renderer/render_frame_impl.cc’.

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| google | chrome  |         | cpe:/a:google:chrome |