Korean

<< Back VID 28890 Severity 40 Port 139,445 Protocol TCP Class SMB Detailed Description The version of Google Chrome installed on the remote Windows host is prior to 57.0.2987.133. It is, therefore, affected by the following vulnerabilities : - A type cast error exists in Blink in the LayoutInline::absoluteVisualRect() function within file layout/LayoutInline.cpp that allows an unauthenticated, remote attacker to cause an unspecified impact. (CVE-2017-5052) - An out-of-bounds read error exists in V8 in the IndexOfValueImpl() function template within file builtins/builtins-array.cc when handling arrays. An unauthenticated, remote attacker can exploit this to disclose memory content. (CVE-2017-5053) - A heap buffer overflow condition exists in V8 that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5054) - A use-after-free error exists in the PrintViewManager class within file printing/print_view_manager.cc when handling previews. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution arbitrary code. (CVE-2017-5055) - A use-after-free error exists in the Blink that allows an unauthenticated, remote attacker to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-5056) * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html * Platforms Affected: Google Chrome versions prior to 57.0.2987.133 Microsoft Windows Any version Recommendation Upgrade to the latest version Google Chrome (57.0.2987.133 or later), available from the Google Web site at http://www.google.com/chrome/ Related URL CVE-2017-5052,CVE-2017-5053,CVE-2017-5054,CVE-2017-5055,CVE-2017-5056 (CVE) Related URL 97220,97221 (SecurityFocus) Related URL (ISS)