Test ID: | 1.3.6.1.4.1.25623.1.0.807457 |
Category: | General |
Title: | Google Chrome Multiple Vulnerabilities Mar16 (Windows) |
Summary: | Google Chrome is prone to multiple vulnerabilities. |
Description: |
Summary: Google Chrome is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist:
- The Content Security Policy (CSP) implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch.
- 'WebKit/Source/core/layout/LayoutBlock.cpp' script in Blink does not properly determine when anonymous block wrappers may exist.
- Multiple unspecified vulnerabilities.
- Use-after-free vulnerabilities.
- The Web Store inline-installer implementation in the Extensions UI does not block installations upon deletion of an installation frame.
- The 'SkATan2_255' function in 'effects/gradients/SkSweepGradient.cpp' script in Skia mishandles arctangent calculations.
- Extensions subsystem does not properly validate the functions.
- The 'PendingScript::notifyFinished' function in 'WebKit/Source/core/dom/PendingScript.cpp' script relies on memory-cache information about integrity-check occurrences instead of integrity-check successes.
- 'extensions/renderer/render_frame_observer_natives.cc' script does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling.
- The 'PPB_Flash_MessageLoop_Impl::InternalRun' function in 'content/renderer/pepper/ppb_flash_message_loop_impl.cc' script in the Pepper plugin mishandles nested message loops.
- The 'ContainerNode::parserRemoveChild' function in 'WebKit/Source/core/dom/ContainerNode.cpp' script in Blink mishandles widget updates.
Vulnerability Impact: Successful exploitation would allow a remote attacker to obtain sensitive information, to cause a denial of service, to bypass intended access restrictions, to bypass the Subresource Integrity (aka SRI) protection mechanism and to bypass the Same Origin Policy.
Affected Software/OS: Google Chrome versions prior to 49.0.2623.75 on Windows.
Solution: Upgrade to Google Chrome version 49.0.2623.75 or later.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2845
  BugTraq ID: 84168
  http://www.securityfocus.com/bid/84168
  http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html
  http://www.securitytracker.com/id/1035185
  http://www.ubuntu.com/usn/USN-2920-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2844
  BugTraq ID: 84170
  http://www.securityfocus.com/bid/84170
Common Vulnerability Exposure (CVE) ID: CVE-2016-2843
Common Vulnerability Exposure (CVE) ID: CVE-2016-1642
  BugTraq ID: 84008
  http://www.securityfocus.com/bid/84008
  Debian Security Information: DSA-3507
  http://www.debian.org/security/2016/dsa-3507
  SuSE Security Announcement: SUSE-SU-2016:0665
  http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
  SuSE Security Announcement: openSUSE-SU-2016:0664
  http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
  SuSE Security Announcement: openSUSE-SU-2016:0684
  http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
  SuSE Security Announcement: openSUSE-SU-2016:0729
  http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1641
  https://security.gentoo.org/glsa/201603-09
Common Vulnerability Exposure (CVE) ID: CVE-2016-1640
Common Vulnerability Exposure (CVE) ID: CVE-2016-1639
Common Vulnerability Exposure (CVE) ID: CVE-2016-1637
Common Vulnerability Exposure (CVE) ID: CVE-2016-1638
Common Vulnerability Exposure (CVE) ID: CVE-2016-1636
Common Vulnerability Exposure (CVE) ID: CVE-2016-1635
Common Vulnerability Exposure (CVE) ID: CVE-2016-1634
Common Vulnerability Exposure (CVE) ID: CVE-2016-1633
Common Vulnerability Exposure (CVE) ID: CVE-2016-1632
Common Vulnerability Exposure (CVE) ID: CVE-2016-1631
Common Vulnerability Exposure (CVE) ID: CVE-2016-1630 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |