CERT-In Advisory
CIAD-2015-0058
Multiple Vulnerabilities in Google Chrome
Original Issue Date: October 26, 2015
Severity Rating: High
Software Affected
- Google Chrome versions prior to 46.0.2490.71
Overview
Multiple vulnerabilities have been reported in Google Chrome which could be exploited by remote attackers to execute arbitrary code, access sensitive information, bypass security restrictions, or cause denial of service (DoS) conditions on the affected system.
Description
1. Cross-Origin Bypass Vulnerability in Blink (CVE-2015-6755)
This vulnerability exists in the ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, which proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node. A remote attacker could exploit this vulnerability via crafted JavaScript code. Successful exploitation of this vulnerability could allow remote attackers to bypass the Same Origin Policy.
2. Use-After-Free Vulnerability in PDFium (CVE-2015-6756)
This vulnerability exists in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium. A remote attacker could exploit this vulnerability by leveraging mishandling of a focused annotation in a PDF document. Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service (heap memory corruption) conditions or possibly have other unspecified impact on the affected system.
3. Use-After-Free Vulnerability in Service Worker (CVE-2015-6757)
This vulnerability exists in content/browser/service_worker/embedded_worker_instance.cc in the Service Worker implementation in Google Chrome. A remote attacker could exploit this vulnerability by leveraging object destruction in a callback. Successful exploitation of this vulnerability could allow remote attackers to cause denial of service on the affected system.
4. Variable Cast Vulnerability in PDFium (CVE-2015-6758)
This vulnerability exists in the CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, which does not properly perform the cast of a dictionary object. A remote attacker could exploit this vulnerability by enticing users to open a specially crafted PDF document. Successful exploitation of this vulnerability could allow remote attackers to cause denial of service and carry out further attacks on the affected system.
5. Information Disclosure Vulnerability in Local Storage (CVE-2015-6759)
This vulnerability exists in the shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, which does not properly ensure that the origin of a Local Storage resource is considered unique. A remote attacker could exploit this vulnerability via vectors involving a blob: URL. Successful exploitation of this vulnerability could allow remote attackers to obtain sensitive information from the targeted system.
6. Denial of Service Vulnerability in libANGLE (CVE-2015-6760)
This vulnerability exists in the Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, which mishandles mapping failures after device lost events. A remote attacker could exploit this vulnerability via vectors involving a removed device. Successful exploitation of this vulnerability could allow remote attackers to cause a denial of service (invalid read or write) or possibly have other unspecified impact on the affected system.
7. Memory Corruption Vulnerability in FFmpeg (CVE-2015-6761)
This vulnerability exists in the update_dimensions function in libavcodec/vp8.c in FFmpeg, which relies on a coefficient-partition count during multi-threaded operation. A remote attacker could exploit this vulnerability via a crafted WebM file. Successful exploitation of this vulnerability could allow remote attackers to cause a denial of service (race condition and memory corruption) and carry out further attacks on the affected system.
8. Cross-Origin Resource Sharing Vulnerability (CVE-2015-6762)
This vulnerability exists in the CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) handling, which does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL. A remote attacker could exploit this vulnerability via a redirect. Successful exploitation of this vulnerability could allow remote attackers to bypass the Same Origin Policy on the affected system.
9. Unspecified Vulnerabilities (CVE-2015-6763)
Multiple unspecified vulnerabilities exist in Google Chrome. A remote attacker could exploit these vulnerabilities via unknown vectors. Successful exploitation of these vulnerabilities could allow remote attackers to cause a denial of service and carry out further attacks on the affected system.
Solution
Upgrade to Google Chrome version 46.0.2490.71
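The following Python script is an added example and not part of the CERT-In advisory. It shows one way an administrator can triage an inventory of installed Chrome versions against the fixed release named above (46.0.2490.71): versions are parsed into integer tuples so that "45.0.2454.101" compares correctly below "46.0.2490.71" (a plain string comparison would get this wrong). The host inventory below is constructed sample data; in practice the version strings would come from endpoint management tooling or from the output of "google-chrome --version" on Linux hosts.

```python
# Added example (not from the CERT-In advisory): compare installed Google
# Chrome versions against the fixed release the advisory names.
import re
from typing import Dict, List, Optional, Tuple

# First fixed release according to the advisory.
FIXED_VERSION = "46.0.2490.71"

# Constructed sample inventory: hostname -> version string as reported by
# the endpoint. Not real hosts.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-01": "Google Chrome 45.0.2454.101",
    "ws-02": "Google Chrome 46.0.2490.71",
    "ws-03": "46.0.2454.85",
    "ws-04": "Google Chrome 46.0.2490.86",
    "ws-05": "version not reported",
}


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted numeric version such as '46.0.2490.71' from text
    and return it as a tuple of ints, or None if no version is present."""
    match = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True when the installed version is older than the fixed one.

    Tuple comparison is component-wise, so 45.0.2454.101 < 46.0.2490.71
    even though '45...' sorts after '46...' in some string orderings. A
    truncated version such as 46.0.2490 compares below 46.0.2490.71 and is
    therefore still reported as affected, which is the safe default."""
    have = parse_version(installed)
    want = parse_version(fixed)
    if have is None or want is None:
        raise ValueError("unparseable version string: %r" % installed)
    return have < want


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split an inventory into hosts needing the upgrade, hosts already on
    a fixed release, and hosts whose version could not be determined."""
    result: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version_text) else "fixed"
        except ValueError:
            bucket = "unknown"  # needs manual follow-up, not silently ignored
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for bucket, hosts in report.items():
        print("%-9s %s" % (bucket + ":", ", ".join(hosts) or "-"))
```

Hosts whose version cannot be parsed land in a separate "unknown" bucket rather than being treated as patched, so a reporting gap does not hide a vulnerable installation.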
Vendor Information
Google
http://googlechromereleases.blogspot.in/2015/10/stable-channel-update.html
References
Google
http://googlechromereleases.blogspot.in/2015/10/stable-channel-update.html
Security tracker
http://www.securitytracker.com/id/1033816
SecurityFocus
http://www.securityfocus.com/archive/1/536717
CVE Name
CVE-2015-6755
CVE-2015-6756
CVE-2015-6757
CVE-2015-6758
CVE-2015-6759
CVE-2015-6760
CVE-2015-6761
CVE-2015-6762
CVE-2015-6763
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road, New Delhi - 110 003
India