
Test ID: 1.3.6.1.4.1.25623.1.0.805632
Category: General
Title: Google Chrome Multiple Vulnerabilities - 02 - May15 (Mac OS X)
Summary: The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Description:
Summary:
The host is installed with Google Chrome
and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Multiple unspecified vulnerabilities in Google V8.

- Use-after-free vulnerability in the SpeechRecognitionClient implementation
in the Speech subsystem.

- common/partial_circular_buffer.cc script in Google Chrome does not properly
handle wraps.

- Vulnerability in core/html/parser/HTMLConstructionSite.cpp in the DOM
implementation in Blink, as used in Google Chrome.

- Vulnerability in core/dom/Document.cpp in Blink, as used in Google Chrome,
which allows the inheritance of the designMode attribute.

- Use-after-free vulnerability in
content/renderer/media/webaudio_capturer_source.cc script in the WebAudio
implementation.

- Use-after-free vulnerability in the SVG implementation in Blink.

- platform/graphics/filters/FEColorMatrix.cpp script in the SVG implementation
in Blink.

- Google Chrome relies on libvpx code that was not built with an appropriate
size-limit value.

- PDFium, as used in Google Chrome, does not properly initialize memory.

- Multiple use-after-free vulnerabilities in
content/renderer/media/user_media_client_impl.cc script in the WebRTC
implementation.

- Cross-site scripting (XSS) vulnerability in Google Chrome.

- The Spellcheck API implementation in Google Chrome before does not use an
HTTPS session for downloading a Hunspell dictionary.

- platform/fonts/shaping/HarfBuzzShaper.cpp script in Blink does not
initialize a certain width field.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to cause a denial of service, inject arbitrary web script, spoof the
URL bar or deliver misleading popup content, bypass the Same Origin Policy and
a sandbox protection mechanism, execute arbitrary code and allow
man-in-the-middle attackers to deliver incorrect spelling suggestions or
possibly have unspecified other impact via crafted dimensions.

Affected Software/OS:
Google Chrome versions prior to
43.0.2357.65 on Mac OS X.

Solution:
Upgrade to Google Chrome version
43.0.2357.65 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: BugTraq ID: 74723
Common Vulnerability Exposure (CVE) ID: CVE-2015-1251
http://www.securityfocus.com/bid/74723
Bugtraq: 20161123 CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details (Google Search)
http://www.securityfocus.com/archive/1/539824/100/0/threaded
Debian Security Information: DSA-3267 (Google Search)
http://www.debian.org/security/2015/dsa-3267
http://seclists.org/fulldisclosure/2016/Nov/136
https://security.gentoo.org/glsa/201506-04
http://blog.skylined.nl/20161123001.html
http://zerodayinitiative.com/advisories/ZDI-15-236/
http://www.securitytracker.com/id/1032375
SuSE Security Announcement: openSUSE-SU-2015:0969 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
SuSE Security Announcement: openSUSE-SU-2015:1877 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1252
Common Vulnerability Exposure (CVE) ID: CVE-2015-1253
Common Vulnerability Exposure (CVE) ID: CVE-2015-1254
Common Vulnerability Exposure (CVE) ID: CVE-2015-1255
Common Vulnerability Exposure (CVE) ID: CVE-2015-1256
Common Vulnerability Exposure (CVE) ID: CVE-2015-1257
Common Vulnerability Exposure (CVE) ID: CVE-2015-1258
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1259
Common Vulnerability Exposure (CVE) ID: CVE-2015-1260
Common Vulnerability Exposure (CVE) ID: CVE-2015-1262
Common Vulnerability Exposure (CVE) ID: CVE-2015-1263
Common Vulnerability Exposure (CVE) ID: CVE-2015-1264
Common Vulnerability Exposure (CVE) ID: CVE-2015-1265
BugTraq ID: 74727
http://www.securityfocus.com/bid/74727
https://www.exploit-db.com/exploits/37766/
Common Vulnerability Exposure (CVE) ID: CVE-2015-3910
BugTraq ID: 74730
http://www.securityfocus.com/bid/74730
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.