Summary
The host is installed with Google Chrome
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers gain elevated privileges,bypass cross-origin policies, to cause a denial of service or possibly have unspecified other impact via different crafted dimensions.
Impact Level: Application
Solution
Upgrade to Google Chrome version
40.0.2214.111 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to,
- Multiple unspecified vulnerabilities in Google Chrome.
- The 'OriginCanAccessServiceWorkers' function in
content/browser/service_worker/service_worker_dispatcher_host.cc script does not properly restrict the URI scheme during a ServiceWorker registration.
- The 'V8ThrowException::createDOMException' function in bindings/core/v8/V8ThrowException.cpp script in the V8 bindings in Blink does not properly consider frame access restrictions during the throwing of an exception.
- A use-after-free flaw in the 'VisibleSelection::nonBoundaryShadowTreeRootNode' function in editing/VisibleSelection.cpp script is triggered when a selection's anchor is a shadow root.
Affected
Google Chrome version prior to
40.0.2214.111 on Mac OS X.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability