VID |
28877 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 46.0.2490.71. It is, therefore, affected by multiple vulnerabilities:
- A same-origin bypass vulnerability exists in Blink that allows an attacker to bypass the same-origin policy. (CVE-2015-6755)
- A use-after-free error exists in PDFium. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code or a denial of service condition. (CVE-2015-6756)
- A use-after-free error exists in ServiceWorker. A remote attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-6757)
- An unspecified bad cast issue exists in PDFium that a remote attacker can exploit to have an unspecified impact. (CVE-2015-6758)
- An unspecified flaw exists in LocalStorage that allows an attacker to disclose sensitive information. (CVE-2015-6759)
- An unspecified flaw exists when handling errors that allows an attacker to have an unspecified impact. (CVE-2015-6760)
- A memory corruption issue exists in FFmpeg due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6761)
- An unspecified flaw exists when handling CSS fonts. An attacker can exploit this to bypass cross-origin resource sharing (CORS) restrictions. (CVE-2015-6762)
- Multiple unspecified high severity issues exist that allow an attacker to have an unspecified impact. (CVE-2015-6763)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. Without such an account, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://googlechromereleases.blogspot.kr/2015/10/stable-channel-update.html
* Platforms Affected: Google Chrome versions prior to 46.0.2490.71; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Google Chrome (46.0.2490.71 or later), available from the Google Web site at http://www.google.com/chrome/ |
Related URL |
CVE-2015-6755,CVE-2015-6756,CVE-2015-6757,CVE-2015-6758,CVE-2015-6759,CVE-2015-6760,CVE-2015-6761,CVE-2015-6762,CVE-2015-6763 (CVE) |
Related URL |
86380 (SecurityFocus) |