nessus | Tenable | 8779.PASL
History: Jun 16, 2015 - 12:00 a.m.

Google Chrome < 42.0.2311.135 Multiple Vulnerabilities

2015-06-16 00:00:00
Tenable
www.tenable.com
CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.021 Low
Percentile: 89.2%

The version of Google Chrome on the remote host is prior to 42.0.2311.135 and is affected by the following vulnerabilities:

  • A use-after-free condition in the ‘MutationObserver::disconnect()’ function in ‘dom/MutationObserver.cpp’. The issue is triggered when iterating over a cloned set and attempting to unregister a MutationObserver registration already unregistered from the original set. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2015-1243)

  • A flaw exists in ‘media/audio/audio_parameters.cc’ that is triggered when handling channel counts that do not match the channel layout. This may allow a context-dependent attacker to potentially execute arbitrary code.

  • A flaw exists that is triggered when handling audio conversion with certain channel layouts. This may allow a context-dependent attacker to potentially execute arbitrary code.

  • A flaw exists in the ‘HTMLImportTreeRoot::recalcTimerFired()’ function in ‘html/imports/HTMLImportTreeRoot.cpp’. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.

  • OpenJPEG as used in Google Chrome contains an integer overflow condition in the ‘opj_j2k_update_image_data()’ function in ‘j2k.c’ that is triggered when handling overly large image dimensions. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing an application linked against the library or potentially allowing execution of arbitrary code. (CVE-2015-1250)

Vendor | Product | Version | CPE
google | chrome | | cpe:/a:google:chrome
