icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Google Chrome < 28.0.1500.71 Multiple Security Vulnerabilities

High

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions prior to Google Chrome 28.0.1500.71 are potentially affected by the multiple vulnerabilities, the more serious of which are as follows:

- Several remote code execution vulnerabilities exist due to use-after-free errors in multiple areas. A remote attacker can leverage this to execute arbitrary code in the context of the application. (CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2879)

- Memory corruption vulnerabilities exist which may be exploitable to induce arbitrary code execution. (CVE-2013-2869, CVE-2013-2878, CVE-2013-2875)

- Information disclosure vulnerabilities exist that may be exploited by remote attackers to obtain information that can aid in further attacks. (CVE-2013-2853, CVE-2013-2874)

- A security bypass vulnerability exists due to confusion in extensions permissions, which a remote attacker could exploit to bypass intended security restrictions to perform unauthorized actions. (CVE-2013-2876)

Solution

Upgrade to Google Chrome 28.0.1500.71 or later.