Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.GOOGLE_CHROME_51_0_2704_63.NASL
HistoryMay 27, 2016 - 12:00 a.m.

Google Chrome < 51.0.2704.63 Multiple Vulnerabilities

2016-05-2700:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

The version of Google Chrome installed on the remote Windows host is prior to 51.0.2704.63. It is, therefore, affected by multiple vulnerabilities :

  • Multiple unspecified flaws exist in extension bindings that allow a remote attacker to bypass the same-origin policy. No other details are available. (CVE-2016-1672, CVE-2016-1676)

  • Multiple unspecified flaws exist in Blink that allow a remote attacker to bypass the same-origin policy. No other details are available. (CVE-2016-1673, CVE-2016-1675)

  • An unspecified flaw exists in Extensions that allows a remote attacker to bypass the same-origin policy.
    No other details are available. (CVE-2016-1674)

  • An unspecified type confusion error exists in V8 decodeURI that allows a remote attacker to disclose potentially sensitive information. (CVE-2016-1677)

  • A heap buffer overflow condition exists in V8 due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1678)

  • A heap use-after-free error exists in V8 bindings that allows a remote attacker to deference already freed memory and execute arbitrary code. (CVE-2016-1679)

  • A heap use-after-free error exists in Google Skia that allows a remote attacker to deference already freed memory and execute arbitrary code. (CVE-2016-1680)

  • A buffer overflow condition exists in OpenJPEG in the opj_j2k_read_SPCod_SPCoc() function within file j2k.c due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1681)

  • An unspecified flaw exists in ServiceWorker that allows a remote attacker to bypass the Content Security Policy (CSP). No other details are available. (CVE-2016-1682)

  • An unspecified out-of-bounds access error exists in libxslt that allows a remote attacker to have an unspecified impact. (CVE-2016-1683)

  • An integer overflow condition exists in libxslt that allows a remote attacker to have an unspecified impact.
    (CVE-2016-1684)

  • Multiple out-of-bounds read errors exist in PDFium that allow a remote attacker to cause a denial of service condition or disclose potentially sensitive information.
    (CVE-2016-1685, CVE-2016-1686)

  • An unspecified flaw exists in Extensions that allows a remote attacker to disclose potentially sensitive information. No other details are available.
    (CVE-2016-1687)

  • An out-of-bounds read error exists in V8 that allows a remote attacker to cause a denial of service condition or disclose potentially sensitive information.
    (CVE-2016-1688)

  • A heap buffer overflow condition exists in Media due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
    (CVE-2016-1689)

  • A heap use-after-free error exists in Autofill that allows a remote attacker to execute arbitrary code.
    (CVE-2016-1690)

  • A heap buffer overflow condition exists in Google Skia due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1691)

  • An unspecified flaw exists in ServiceWorker that allows a remote attacker to carry out a limited bypass of the same-origin policy. No other details are available.
    (CVE-2016-1692)

  • A flaw exists due to the Software Removal Tool being downloaded over an HTTP connection. A man-in-the-middle attacker can exploit this to manipulate its contents.
    (CVE-2016-1693)

  • A unspecified flaw exists that is triggered when HTTP Public Key Pinning (HPKP) pins are removed when clearing the cache. No other details are available.
    (CVE-2016-1694)

  • Multiple unspecified issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1695)

  • A use-after-free error exists in ‘MailboxManagerImpl’ that is triggered when handling GPU commands. A remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91350);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2016-1672",
    "CVE-2016-1673",
    "CVE-2016-1674",
    "CVE-2016-1675",
    "CVE-2016-1676",
    "CVE-2016-1677",
    "CVE-2016-1678",
    "CVE-2016-1679",
    "CVE-2016-1680",
    "CVE-2016-1681",
    "CVE-2016-1682",
    "CVE-2016-1683",
    "CVE-2016-1684",
    "CVE-2016-1685",
    "CVE-2016-1686",
    "CVE-2016-1687",
    "CVE-2016-1688",
    "CVE-2016-1689",
    "CVE-2016-1690",
    "CVE-2016-1691",
    "CVE-2016-1692",
    "CVE-2016-1693",
    "CVE-2016-1694",
    "CVE-2016-1695"
  );
  script_xref(name:"EDB-ID", value:"39961");

  script_name(english:"Google Chrome < 51.0.2704.63 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is
prior to 51.0.2704.63. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple unspecified flaws exist in extension bindings
    that allow a remote attacker to bypass the same-origin
    policy. No other details are available. (CVE-2016-1672,
    CVE-2016-1676)

  - Multiple unspecified flaws exist in Blink that allow a
    remote attacker to bypass the same-origin policy. No
    other details are available. (CVE-2016-1673,
    CVE-2016-1675)

  - An unspecified flaw exists in Extensions that allows a
    remote attacker to bypass the same-origin policy.
    No other details are available. (CVE-2016-1674)

  - An unspecified type confusion error exists in V8
    decodeURI that allows a remote attacker to disclose
    potentially sensitive information. (CVE-2016-1677)

  - A heap buffer overflow condition exists in V8 due to
    improper validation of user-supplied input. A remote
    attacker can exploit this to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-1678)

  - A heap use-after-free error exists in V8 bindings that
    allows a remote attacker to deference already freed
    memory and execute arbitrary code. (CVE-2016-1679)

  - A heap use-after-free error exists in Google Skia that
    allows a remote attacker to deference already freed
    memory and execute arbitrary code. (CVE-2016-1680)

  - A buffer overflow condition exists in OpenJPEG in the
    opj_j2k_read_SPCod_SPCoc() function within file j2k.c
    due to improper validation of user-supplied input. A
    remote attacker can exploit this to cause a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-1681)

  - An unspecified flaw exists in ServiceWorker that allows
    a remote attacker to bypass the Content Security Policy
    (CSP). No other details are available. (CVE-2016-1682)

  - An unspecified out-of-bounds access error exists in
    libxslt that allows a remote attacker to have an
    unspecified impact. (CVE-2016-1683)

  - An integer overflow condition exists in libxslt that
    allows a remote attacker to have an unspecified impact.
    (CVE-2016-1684)

  - Multiple out-of-bounds read errors exist in PDFium that
    allow a remote attacker to cause a denial of service
    condition or disclose potentially sensitive information.
    (CVE-2016-1685, CVE-2016-1686)

  - An unspecified flaw exists in Extensions that allows a
    remote attacker to disclose potentially sensitive
    information. No other details are available.
    (CVE-2016-1687)

  - An out-of-bounds read error exists in V8 that allows a
    remote attacker to cause a denial of service condition
    or disclose potentially sensitive information.
    (CVE-2016-1688)

  - A heap buffer overflow condition exists in Media due to
    improper validation of user-supplied input. A remote
    attacker can exploit this to execute arbitrary code.
    (CVE-2016-1689)

  - A heap use-after-free error exists in Autofill that
    allows a remote attacker to execute arbitrary code.
    (CVE-2016-1690)

  - A heap buffer overflow condition exists in Google Skia
    due to improper validation of user-supplied input. A
    remote attacker can exploit this to cause a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-1691)

  - An unspecified flaw exists in ServiceWorker that allows
    a remote attacker to carry out a limited bypass of the
    same-origin policy. No other details are available.
    (CVE-2016-1692)

  - A flaw exists due to the Software Removal Tool being
    downloaded over an HTTP connection. A man-in-the-middle
    attacker can exploit this to manipulate its contents.
    (CVE-2016-1693)

  - A unspecified flaw exists that is triggered when HTTP
    Public Key Pinning (HPKP) pins are removed when clearing
    the cache. No other details are available.
    (CVE-2016-1694)

  - Multiple unspecified issues exist that allow a remote
    attacker to execute arbitrary code. (CVE-2016-1695)

  - A use-after-free error exists in 'MailboxManagerImpl'
    that is triggered when handling GPU commands. A remote
    attacker can exploit this to dereference already freed
    memory, resulting in the execution of arbitrary code.");
  # http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e4d6f0fa");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 51.0.2704.63 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1695");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");
installs = get_kb_list("SMB/Google_Chrome/*");

google_chrome_check_version(installs:installs, fix:'51.0.2704.63', severity:SECURITY_WARNING);
VendorProductVersionCPE
googlechromecpe:/a:google:chrome

References

Related

nessus 17
mageia 2
freebsd 2
threatpost 2
openvas 19
kaspersky 1
redhat 1
suse 3
archlinux 1
gentoo 1
chrome 1
debian 5
osv 2
ubuntu 2
veracode 3
cve 26
prion 26
debiancve 25
ubuntucve 25
redhatcve 25
seebug 6
checkpoint_advisories 1
talos 1
fedora 1
rosalinux 1
nessus
nessus
RHEL 6 : chromium-browser (RHSA-2016:1190)
2016-06-02 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (1a6bbb95-24b8-11e6-bd31-3065ec8fd3ec)
2016-05-31 00:00:00
openSUSE Security Update : Chromium (openSUSE-2016-652)
2016-06-01 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2016-06-03 00:40:03
Updated libxslt packages fix security vulnerability
2016-06-08 00:39:50
freebsd
freebsd
chromium -- multiple vulnerabilities
2016-05-25 00:00:00
libxslt -- Denial of Service
2016-05-25 00:00:00
threatpost
threatpost
Researcher Pockets $30,000 in Chrome Bounties
2016-05-27 07:00:25
Google Patches High Severity Browser PDF Exploit
2016-06-09 13:46:59
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0214)
2022-01-28 00:00:00
Google Chrome Security Updates (stable-channel-update_25-2016-05) - Mac OS X
2016-05-30 00:00:00
Google Chrome Security Updates (stable-channel-update_25-2016-05) - Windows
2016-05-30 00:00:00
kaspersky
kaspersky
KLA10816 Multiple vulnerabilities in Google Chrome
2016-05-25 00:00:00
redhat
redhat
(RHSA-2016:1190) Important: chromium-browser security update
2016-06-01 10:34:16
suse
suse
Security update for Chromium (important)
2016-05-28 01:08:05
Security update for Chromium (important)
2016-05-28 01:08:32
Security update for Chromium (important)
2016-06-05 16:07:48
archlinux
archlinux
chromium: multiple issues
2016-05-28 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2016-07-16 00:00:00
chrome
chrome
Stable Channel Update
2016-05-25 00:00:00
debian
debian
[SECURITY] [DSA 3590-1] chromium-browser security update
2016-06-01 03:49:42
[SECURITY] [DSA 3590-1] chromium-browser security update
2016-06-01 03:49:03
[SECURITY] [DSA 3605-1] libxslt security update
2016-06-19 05:00:31
osv
osv
chromium-browser - security update
2016-06-01 00:00:00
libxslt - security update
2016-06-12 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2016-06-06 00:00:00
Libxslt vulnerabilities
2017-04-28 00:00:00
veracode
veracode
Copy-Paste Vulnerability (CPV) Through Libxslt
2017-05-17 07:06:54
Denial Of Service (DoS)
2018-07-17 10:26:43
Denial Of Service (DoS)
2018-07-17 10:32:25
cve
cve
CVE-2016-1691
2016-06-05 23:59:00
CVE-2016-1683
2016-06-05 23:59:00
CVE-2016-1680
2016-06-05 23:59:00
prion
prion
Heap overflow
2016-06-05 23:59:00
Design/Logic Flaw
2016-06-05 23:59:00
Design/Logic Flaw
2016-06-05 23:59:00
debiancve
debiancve
CVE-2016-1691
2016-06-05 23:59:00
CVE-2016-1673
2016-06-05 23:59:00
CVE-2016-1672
2016-06-05 23:59:00
ubuntucve
ubuntucve
CVE-2016-1673
2016-05-31 00:00:00
CVE-2016-1691
2016-05-31 00:00:00
CVE-2016-1672
2016-06-05 00:00:00
redhatcve
redhatcve
CVE-2016-1691
2016-05-26 10:50:20
CVE-2016-1683
2016-05-26 10:48:43
CVE-2016-1688
2016-05-26 10:48:32
seebug
seebug
Chrome Universal XSS using a FrameNavigationDisabler bypass (CVE-2016-1673)
2017-04-24 00:00:00
Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability(CVE-2016-1681)
2017-10-20 00:00:00
Chrome Universal XSS using an intercepted native function (CVE-2016-1672)
2017-04-24 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenJPEG Buffer Overflow (CVE-2016-1681)
2021-02-23 00:00:00
talos
talos
Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability
2016-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30
2019-06-18 18:15:35
rosalinux
rosalinux
Advisory ROSA-SA-2021-1906
2021-07-02 17:26:03
JSON
Related for GOOGLE_CHROME_51_0_2704_63.NASL
nessus17mageia2freebsd2threatpost2openvas19kaspersky1redhat1suse3archlinux1gentoo1chrome1debian5osv2ubuntu2veracode3cve26prion26debiancve25ubuntucve25redhatcve25seebug6checkpoint_advisories1talos1fedora1rosalinux1