Description:
Summary: Google Chrome is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- Cross-origin bypass in extension bindings.
- Cross-origin bypass in Blink.
- Cross-origin bypass in extensions.
- Type confusion in V8.
- Heap overflow in V8.
- Heap use-after-free in V8 bindings.
- Heap use-after-free in Skia.
- Heap overflow in PDFium.
- CSP bypass for ServiceWorker.
- Out-of-bounds access in libxslt.
- Integer overflow in libxslt.
- Out-of-bounds read in PDFium.
- Information leak in extensions.
- Out-of-bounds read in V8.
- Heap buffer overflow in media.
- Heap use-after-free in Autofill.
- Heap buffer overflow in Skia.
- Limited cross-origin bypass in ServiceWorker.
- HTTP Download of Software Removal Tool.
- HPKP pins removed on cache clearance.
- Various fixes from internal audits, fuzzing and other initiatives.
Vulnerability Impact: Successful exploitation of these vulnerabilities will allow remote attackers to bypass security restrictions, obtain sensitive information, cause a denial of service (buffer overflow), or possibly have other unspecified impacts.
Affected Software/OS: Google Chrome versions prior to 51.0.2704.63 on Linux
Solution: Upgrade to Google Chrome version 51.0.2704.63 or later.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P