SecurityTracker.com
Category:   Application (Web Browser)  >   Google Chrome
Vendors:   Google
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content
SecurityTracker Alert ID:  1034298
SecurityTracker URL:  http://securitytracker.com/id/1034298
CVE Reference:   CVE-2015-6764, CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6776, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6783, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786, CVE-2015-6787
Date:  Dec 7 2015
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 47.0.2526.73
Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can spoof content.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free may occur in AppCache [CVE-2015-6765, CVE-2015-6766, CVE-2015-6767].

A cross-origin bypass may occur in DOM [CVE-2015-6768, CVE-2015-6770, CVE-2015-6772].

A cross-origin bypass may occur in core [CVE-2015-6769].

An out-of-bounds access error may occur in V8 [CVE-2015-6771, CVE-2015-6764].

An out-of-bounds access error may occur in Skia [CVE-2015-6773].

A use-after-free may occur in Extensions [CVE-2015-6774, CVE-2015-6778].

A type confusion error may occur in PDFium [CVE-2015-6775].

An out-of-bounds access error may occur in PDFium [CVE-2015-6776].

A use-after-free may occur in DOM [CVE-2015-6777].

A scheme bypass may occur in PDFium [CVE-2015-6779].

A use-after-free may occur in Infobars [CVE-2015-6780].

An integer overflow may occur in Sfntly [CVE-2015-6781].

A remote user can exploit a flaw in Omnibox to spoof content [CVE-2015-6782].

A signature validation error may occur in Android Crazy Linker [CVE-2015-6783].

An escaping flaw may occur in saved pages [CVE-2015-6784].

A wildcard matching flaw may occur in CSP [CVE-2015-6785].

A scheme bypass may occur in CSP [CVE-2015-6786].

Various additional vulnerabilities exist [CVE-2015-6787].

Mariusz Mlynski, Guang Gong of Qihoo 360 (via pwn2own), cloudfuzzer, Atte Kettunen of OUSPG, Hanno Bock, Long Liu of Qihoo 360 Vulcan Team, Karl Skomski, Til Jasper Ullrich, Khalil Zhani, miaubiz, Luan Herrera, Michal Bednarski, Inti De Ceukelaire, Michael Ficarra / Shape Security, and an anonymous researcher reported these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can bypass security controls on the target system.

A remote user can spoof content.

Solution:   The vendor has issued a fix (47.0.2526.73).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html

Vendor URL:  googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC