
Test ID: 1.3.6.1.4.1.25623.1.0.807457
Category: General
Title: Google Chrome Multiple Vulnerabilities Mar16 (Windows)
Summary: Google Chrome is prone to multiple vulnerabilities.
Description:
Summary:
Google Chrome is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist:

- The Content Security Policy (CSP) implementation in Blink does not ignore
a URL's path component in the case of a ServiceWorker fetch.

- 'WebKit/Source/core/layout/LayoutBlock.cpp' script in Blink does not
properly determine when anonymous block wrappers may exist.

- Multiple unspecified vulnerabilities.

- Use-after-free vulnerabilities.

- The Web Store inline-installer implementation in the Extensions UI does not
block installations upon deletion of an installation frame.

- The 'SkATan2_255' function in 'effects/gradients/SkSweepGradient.cpp' script
in Skia mishandles arctangent calculations.

- Extensions subsystem does not properly validate the functions.

- The 'PendingScript::notifyFinished' function in 'WebKit/Source/core/dom/PendingScript.cpp'
script relies on memory-cache information about integrity-check
occurrences instead of integrity-check successes.

- 'extensions/renderer/render_frame_observer_natives.cc' script does not properly
consider object lifetimes and re-entrancy issues during
OnDocumentElementCreated handling.

- The 'PPB_Flash_MessageLoop_Impl::InternalRun' function in 'content/renderer/pepper/ppb_flash_message_loop_impl.cc'
script in the Pepper plugin mishandles nested message loops.

- The 'ContainerNode::parserRemoveChild' function in 'WebKit/Source/core/dom/ContainerNode.cpp'
script in Blink mishandles widget updates.

Vulnerability Impact:
Successful exploitation would allow a remote
attacker to obtain sensitive information, to cause a denial of service, to bypass
intended access restrictions, to bypass the Subresource Integrity (aka SRI)
protection mechanism and to bypass the Same Origin Policy.

Affected Software/OS:
Google Chrome versions prior to
49.0.2623.75 on Windows.

Solution:
Upgrade to Google Chrome version
49.0.2623.75 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-2845
BugTraq ID: 84168
http://www.securityfocus.com/bid/84168
http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html
http://www.securitytracker.com/id/1035185
http://www.ubuntu.com/usn/USN-2920-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2844
BugTraq ID: 84170
http://www.securityfocus.com/bid/84170
Common Vulnerability Exposure (CVE) ID: CVE-2016-2843
Common Vulnerability Exposure (CVE) ID: CVE-2016-1642
BugTraq ID: 84008
http://www.securityfocus.com/bid/84008
Debian Security Information: DSA-3507 (Google Search)
http://www.debian.org/security/2016/dsa-3507
SuSE Security Announcement: SUSE-SU-2016:0665 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0664 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
SuSE Security Announcement: openSUSE-SU-2016:0684 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:0729 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1641
https://security.gentoo.org/glsa/201603-09
Common Vulnerability Exposure (CVE) ID: CVE-2016-1640
Common Vulnerability Exposure (CVE) ID: CVE-2016-1639
Common Vulnerability Exposure (CVE) ID: CVE-2016-1637
Common Vulnerability Exposure (CVE) ID: CVE-2016-1638
Common Vulnerability Exposure (CVE) ID: CVE-2016-1636
Common Vulnerability Exposure (CVE) ID: CVE-2016-1635
Common Vulnerability Exposure (CVE) ID: CVE-2016-1634
Common Vulnerability Exposure (CVE) ID: CVE-2016-1633
Common Vulnerability Exposure (CVE) ID: CVE-2016-1632
Common Vulnerability Exposure (CVE) ID: CVE-2016-1631
Common Vulnerability Exposure (CVE) ID: CVE-2016-1630
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.