The version of Google Chrome installed on the remote host is prior to 58.0.3029.81, and is affected by multiple vulnerabilities :
- A type confusion error exists in PDFium in the ‘CJS_Object::GetEmbedObject()’ function that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-5057)
- A use-after-free error exists in Print Preview that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5058)
- A type confusion error exists in Blink due to improper handling of pseudo-elements in layout trees. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5059)
- A spoofing vulnerability exists in ‘url_formatter.cc’ due to improper handling of Cyrillic letters in domain names. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5060)
- A flaw exists in the Omnibox component that is triggered as unloaded content may be rendered in a compositor frame after a navigation commit. An unauthenticated, remote attacker can exploit this to spoof URLs in the address bar. (CVE-2017-5061)
- A use-after-free error exists in the Apps component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5062)
- A heap-based buffer overflow condition exists in the Skia component in the ‘spanSlowRate()’ function in ‘SkLinearBitmapPipeline_sample.h’ due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution arbitrary code. (CVE-2017-5063)
- A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5064)
- A flaw exists in Blink due to a failure to properly close validation bubbles when uploading a document. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-5065)
- A flaw exists in the Networking component due to a failure to verify certificate chains that have mismatching signature algorithms. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-5066)
- An unspecified flaw exists in the Omnibox component that allows an unauthenticated, remote attacker to spoof URLs. (CVE-2017-5067)
- A same-origin policy bypass vulnerability exists in the ‘PingLoader::sendViolationReport()’ function in ‘PingLoader.cpp’ due to improper handling of HTTP Content-Type headers in CSP or XSS auditor violation reports. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2017-5069)