HomePentest-Tools.com Logo

Google Chrome Multiple Vulnerabilities-02 Apr15 (Windows) CVE-2015-3335CVE-2015-3334CVE-2015-3333CVE-2015-1249CVE-2015-1247CVE-2015-1246CVE-2015-1244CVE-2015-1242CVE-2015-1241CVE-2015-1240CVE-2015-1238CVE-2015-1237CVE-2015-1236CVE-2015-1235CVE-2015-3336

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Google Chrome is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to: - Missing address space usage limitation in the NaCl process. - Permissions for camera and microphone are merged into a single Media permission instead of treated as two separate permission. - Flaw in the SearchEngineTabHelper::OnPageHasOSDD function in ui/search_engines/search_engine_tab_helper.cc script that is triggered when handling URLs for OpenSearch descriptor. - An unspecified out-of-bounds read flaw in Blink. - A flaw related to WebSocket connections as HSTS (HTTP Strict Transport Security) is not enforced. - A type confusion flaw in the ReduceTransitionElementsKind function in hydrogen-check-elimination.cc script related to HTransitionElementsKind handling. - A Tap-Jacking flaw that is triggered as certain synthetic Tap events arent preceded by TapDown events. - An unspecified out-of-bounds read flaw in WebGL related to handling of ES3 commands. - An unspecified out-of-bounds write flaw in Skia. - A use-after-free error in content/renderer/render_frame_impl.cc script. - A flaw in the MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp script. - An unspecified flaw in the HTML Parser. - Multiple unspecified Vulnerabilities - Browser does not confirm with the user before setting CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK. Successful exploitation will allow remote attackers to bypass security restrictions, conduct row-hammer attacks, obtain sensitive data, trigger unintended UI actions via crafted dimension, cause a denial of service and other unspecified impacts.

Recommendation

Upgrade to Google Chrome version 42.0.2311.90 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 19, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available