VID | 28893 |
Severity | 40 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 61.0.3163.79. It is, therefore, affected by the following vulnerabilities:
- A use-after-free error exists in PDFium. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5111)
- A heap buffer overflow condition exists in WebGL that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5112)
- A heap buffer overflow condition exists in Skia that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5113)
- An unspecified memory lifecycle issue exists in PDFium that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5114)
- Unspecified type confusion errors exist in V8. (CVE-2017-5115, CVE-2017-5116)
- Unspecified uninitialized value flaws exist in Skia that allow an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5117, CVE-2017-5119)
- An unspecified security bypass vulnerability exists in Blink. An unauthenticated, remote attacker can exploit this to bypass content security policy. (CVE-2017-5118)
- An unspecified flaw allows HTTPS downgrade during redirection. (CVE-2017-5120)
* References: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html |
Recommendation |
Upgrade to the latest version of Google Chrome (61.0.3163.79 or later), available from the Google Web site at http://www.google.com/chrome/ |
Related URL | CVE-2017-5111,CVE-2017-5112,CVE-2017-5113,CVE-2017-5114,CVE-2017-5115,CVE-2017-5116,CVE-2017-5117,CVE-2017-5118,CVE-2017-5119,CVE-2017-5120 (CVE) |
Related URL | 100610 (SecurityFocus) |