CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 10 High
Confidence: High
EPSS: 0.033 Low
Percentile: 91.3%
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions or execute arbitrary code.
Below is a complete list of vulnerabilities.
Technical details
Vulnerability (1) is related to the BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier, which improperly loads array elements. A similar vulnerability merged into (1) is caused by js/array.js, which improperly implements the map and filter array operations. Exploitation of (1) can lead to out-of-bounds memory access.
Three vulnerabilities merged into (2) are related to content/browser/appcache/appcache_update_job.cc, content/browser/appcache/appcache_dispatcher_host.cc and other unknown places in AppCache. They can be exploited by leveraging mishandling of AppCache update jobs, incorrect job behavior associated with duplicate cache selection, or incorrect pointer maintenance associated with certain callbacks.
Vulnerability (4) is related to the provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp and can be triggered by leveraging a delay in window proxy cleaning.
Vulnerability (5) is caused by the DOM implementation, which doesn’t prevent javascript: URL navigation while a document is detached. It can be exploited via JavaScript code that improperly interacts with a plugin.
Vulnerability (6) is caused by the convolution implementation, which improperly constrains row lengths.
Vulnerability (7) is related to the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc and can be triggered via JavaScript code that modifies a pointer used for reporting loadTimes data.
Vulnerability (8) is related to fpdfsdk/src/jsapi/fxjs_v8.cpp, which doesn’t use signatures.
Vulnerability (9) is related to the opj_dwt_decode_1* functions in dwt.c in OpenJPEG and can be triggered via data that is mishandled during a discrete wavelet transform.
Vulnerability (10) is related to the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp and can be triggered via DOMCharacterDataModified events for certain detached-subtree insertions.
Vulnerability (11) is related to the CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp and can be triggered via JBIG2 compressed data.
Vulnerability (13) is related to browser/ui/views/website_settings/website_settings_popup_view.cc.
Vulnerability (14) is related to the FontData::Bound function in data/font_data.cc and can be triggered via offset or length values within font data in the container.
Vulnerability (15) is related to the Document::open function in WebKit/Source/core/dom/Document.cpp, which doesn’t ensure that page-dismissal event handling is compatible with modal-dialog blocking.
Vulnerability (16) is related to the FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in Android 5.x and 6.x, which improperly searches for the EOCD record.
Vulnerability (17) is caused by mishandling of Mark of the Web comments for URLs containing a “--” sequence.
Vulnerability (18) is caused by the CSPSource::hostMatches and CSPSourceList::matches functions in WebKit/Source/core/frame/csp/CSPSource.cpp and CSPSourceList.cpp respectively: the first of the merged vulnerabilities accepts an x.y hostname as a match for a *.x.y pattern, and the second accepts a blob:, data:, or filesystem: URL as a match for a * pattern.
Vulnerability (20) is related to the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc and can be triggered via access to an unauthorized audio output device.
Vulnerability (21) is related to the VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc, which does not initialize memory for video-frame data. This vulnerability can be triggered by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg.
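The two Content Security Policy matching rules described for vulnerability (18), as an added example that is not Chromium's code: it shows the over-permissive wildcard host check next to a strict one, and a source-list check in which a bare * does not cover blob:, data: or filesystem: URLs. Function names are hypothetical, the sample hosts are constructed, and ports, paths and scheme inheritance for host sources are left out.

```javascript
// Added example; names are hypothetical and do not mirror Blink's CSPSource code.

// Flawed check: "*.x.y" also accepts the bare host "x.y".
function hostMatchesFlawed(pattern, host) {
  if (!pattern.startsWith("*.")) return pattern === host;
  const base = pattern.slice(2);
  return host === base || host.endsWith("." + base);
}

// Strict check: "*.x.y" requires at least one label in front of ".x.y".
function hostMatchesStrict(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  if (!pattern.startsWith("*.")) return pattern === host;
  const suffix = pattern.slice(1); // ".x.y"
  return host.length > suffix.length && host.endsWith(suffix);
}

// Schemes a bare "*" source must not cover; a policy has to list them explicitly.
const LOCAL_SCHEMES = new Set(["blob:", "data:", "filesystem:"]);

// Match a URL against a source list made of "*", "scheme:" and host sources.
function sourceListAllows(sources, url) {
  const scheme = url.slice(0, url.indexOf(":") + 1).toLowerCase();
  for (const src of sources) {
    if (src === "*") {
      if (!LOCAL_SCHEMES.has(scheme)) return true;
    } else if (src.endsWith(":")) {
      if (src.toLowerCase() === scheme) return true;
    } else if (!LOCAL_SCHEMES.has(scheme)) {
      if (hostMatchesStrict(src, new URL(url).hostname)) return true;
    }
  }
  return false;
}

// Constructed sample inputs (not taken from the advisory).
function demo() {
  return {
    flawedAcceptsBareHost: hostMatchesFlawed("*.example.test", "example.test"),
    strictAcceptsBareHost: hostMatchesStrict("*.example.test", "example.test"),
    strictAcceptsSubdomain: hostMatchesStrict("*.example.test", "cdn.example.test"),
    starAllowsDataUrl: sourceListAllows(["*"], "data:text/html,hi"),
    starAllowsHttps: sourceListAllows(["*"], "https://cdn.example.test/a.js"),
  };
}
console.log(demo());
```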
Public exploits exist for this vulnerability.
CVE-2015-6765 critical
CVE-2015-6766 critical
CVE-2015-6767 critical
CVE-2015-6768 critical
CVE-2015-6769 critical
CVE-2015-6770 critical
CVE-2015-6771 critical
CVE-2015-6772 critical
CVE-2015-6773 critical
CVE-2015-6774 critical
CVE-2015-6787 critical
CVE-2015-6785 warning
CVE-2015-6786 warning
CVE-2015-8480 critical
CVE-2015-8478 critical
CVE-2015-8479 critical
CVE-2015-6778 critical
CVE-2015-6777 critical
CVE-2015-6776 high
CVE-2015-6775 critical
CVE-2015-6782 warning
CVE-2015-6781 critical
CVE-2015-6780 high
CVE-2015-6779 warning
CVE-2015-6784 warning
CVE-2015-6783 warning
CVE-2015-6764 critical
Update to the latest version. A file named old_chrome may still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. Contact the vendor for further deletion instructions or ignore such alerts at your own risk.
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an attacker executing any code or commands on the vulnerable machine or process.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by the current security settings.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between the user and the site.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect actions.