MS-ISAC CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2016-114

DATE(S) ISSUED:
08/02/2016

SUBJECT:
Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been identified in Mozilla Firefox and Firefox ESR, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Exploitation of these vulnerabilities could allow an attacker to bypass same-origin policy restrictions to access data, and execute arbitrary code in the context of the affected application.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

· Google Chrome prior to 52.0.2743.116

RISK:

Government:

· Large and medium government entities: High

· Small government entities: Medium

Businesses:

· Large and medium business entities: High

· Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in remote code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:

· A heap-based buffer-overflow vulnerability exists in pdfium. (CVE-2016-5139)

· A heap-based buffer-overflow vulnerability exists in pdfium. (CVE-2016-5140)

· A security vulnerability exists due to address bar spoofing. (CVE-2016-5141)

· A use-after-free vulnerability exists due to an error in Extensions. (CVE-2016-5142)

· Vulnerabilities exist in DevTools because it fails to properly sanitize parameters. (CVE-2016-5143) (CVE-2016-5144)

· A security vulnerability exists due to a same-origin bypass in Blink. (CVE-2016-5145)

· Multiple unspecified security vulnerabilities. (CVE-2016-5146)

Successful exploitation of these vulnerabilities could allow an attacker to execute remote code in the context of the browser, obtain sensitive information, bypass security restrictions, or cause denial-of-service conditions.

RECOMMENDATIONS:

We recommend the following actions be taken:

· Apply appropriate patches provided by Google to vulnerable systems immediately after appropriate testing.

· Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

· Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

· Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
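
To support the patching recommendation, the following added example (not part of the MS-ISAC advisory and not Google's code) flags hosts whose reported Chrome version is prior to 52.0.2743.116. The tab-separated inventory format, hostnames and sample versions are constructed assumptions.

```python
import re

FIXED = (52, 0, 2743, 116)  # first fixed build named in this advisory

# Finds a four-part version inside a string such as
# "Google Chrome 52.0.2743.82" (this reporting format is an assumption).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no parsable version: needs manual follow-up
    # Tuple comparison is numeric per component. A plain string comparison
    # would rank "52.0.2743.82" above "52.0.2743.116" and miss that host.
    return "vulnerable" if v < FIXED else "patched"


def audit(inventory):
    """Map host -> status for lines of the form 'host<TAB>version string'."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition("\t")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-001\tGoogle Chrome 52.0.2743.82
ws-002\tGoogle Chrome 52.0.2743.116
ws-003\tGoogle Chrome 51.0.2704.106 beta
ws-004\tGoogle Chrome 53.0.2785.34 dev
ws-005\tcommand not found
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than treated as patched.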

REFERENCES:

Google:

http://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop.html

 

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5139

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5140

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5141

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5142

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5143

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5144

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5145

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5146