VID |
28898 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Google Chrome installed on the remote Windows host is prior to 62.0.3202.89. It is therefore affected by multiple vulnerabilities, as noted in the Chrome stable channel update release notes. Refer to the release notes for additional information.
[$TBD][777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24
[$7500][776677] High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-10-20
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. Without such an account, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
* Platforms Affected: Google Chrome versions prior to 62.0.3202.89; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Google Chrome (62.0.3202.89 or later), available from the Google Web site at http://www.google.com/chrome/ |
Related URL |
CVE-2017-15398, CVE-2017-15399 (CVE) |