A Vulnerability in Google Chrome Could Allow for Denial of Service

ITS Advisory Number: 2016-188
Date(s) Issued: Thursday, November 3, 2016
Subject: A Vulnerability in Google Chrome Could Allow for Denial of Service
Overview: 

A vulnerability has been discovered in Google Chrome that could result in a denial of service. Google Chrome is a web browser used to access the Internet. This vulnerability can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service conditions.

Systems Affected: 
  • Google Chrome prior to 54.0.2840.87 for Windows and Mac
  • Google Chrome prior to 54.0.2840.90 for Linux
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: Medium
Description: 

A vulnerability has been discovered in Google Chrome that could result in a denial of service. Details of the vulnerability are as follows:

  • Out-of-bounds memory access in V8 (CVE-2016-5198)

Successful exploitation of this vulnerability could allow an attacker to cause denial-of-service conditions.

Actions: 
  • After appropriate testing, apply patches provided by Google to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
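
To find the systems the first action applies to, the fixed versions listed under Systems Affected can be checked against a software inventory. The script below is an added example, not part of the original advisory; the inventory format (one CSV row per host with platform and Chrome version), the function names and the sample rows are constructed assumptions.

```python
import csv
import io

# First fixed Chrome build per platform, taken from "Systems Affected".
FIXED = {
    "windows": (54, 0, 2840, 87),
    "mac": (54, 0, 2840, 87),
    "linux": (54, 0, 2840, 90),
}

# Constructed sample inventory (assumed format: host,platform,chrome_version).
SAMPLE_INVENTORY = """\
host,platform,chrome_version
ws-001,Windows,54.0.2840.71
ws-002,Windows,54.0.2840.87
mac-014,Mac,53.0.2785.143
lnx-007,Linux,54.0.2840.87
kiosk-1,ChromeOS,54.0.2840.79
ws-004,Windows,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'vulnerable', 'patched', or 'review' when the platform is
    not listed in the advisory or the version cannot be parsed."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "review"
    # Tuple comparison is numeric per component, so 54.0.2840.9 < 54.0.2840.87.
    return "vulnerable" if version < fixed else "patched"


def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["chrome_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Note that the Linux host on 54.0.2840.87 is flagged while the Windows host on the same build is not, because the fixed build differs by platform.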