icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Google Chrome < 6.0.472.53 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 6.0.472.53 are potentially affected by multiple vulnerabilities :

- It is possible to bypass the pop-up blocker with a blank frame target. (Bug 34414)

- It is possible to visually spoof the URL bar with homographic sequences. (Bug 37201)

- Restrictions on setting clipboard content are not strict enough. (Bug 41654)

- A stale pointer exists in SVG filters. (Bug 45659)

- It may be possible to enumerate installed extensions. (Bug 45876)

- An unspecified vulnerability in WebSockets could lead to a browser NULL crash. (Bugs 46750, 51846)

- A use-after-free error exists in the Notifications presenter. (Bug 50386)

- An unspecified memory corruption issue exists in Notification permissions. (Bug 50839)

- Multiple unspecified integer errors exists in WebSockets. (Bugs 51360, 51739)

- A memory corruption issue exists with counter nodes. (Bug 51653)

- Chrome may store an excessive amount of autocomplete entries. (Bug 51727)

- A stale pointer exists in focus handling. (Bug 52433)

- A Sandbox parameter deserialization error exists. (Bug 52682)

- An unspecified cross-origin image theft issue exists. (Bug 53001)

Solution

Upgrade to Google Chrome 6.0.472.53 or later.