Google Chrome < 30.0.1599.66 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is a version
prior to 30.0.1599.66. It is, therefore, affected by multiple
vulnerabilities :

- A race condition exists related to 'Web Audio'.
(CVE-2013-2906)

- Out-of-bounds read errors exist related to
the 'Window.prototype' object, 'Web Audio', and URL
parsing. (CVE-2013-2907, CVE-2013-2917, CVE-2013-2920)

- Several errors exist related to the address bar that
could allow spoofing attacks. (CVE-2013-2908,
CVE-2013-2915, CVE-2013-2916)

- Use-after-free errors exist related to 'inline-block'
rendering, 'Web Audio', XSLT, PPAPI, XML document
parsing, Windows color chooser dialog, DOM, the
resource loader, the 'template' element and ICU.
(CVE-2013-2909, CVE-2013-2910, CVE-2013-2911,
CVE-2013-2912, CVE-2013-2913, CVE-2013-2914,
CVE-2013-2918, CVE-2013-2921, CVE-2013-2922,
CVE-2013-2924)

- A memory corruption error exists in the V8
JavaScript engine. (CVE-2013-2919)

- Various, unspecified errors exist. (CVE-2013-2923)

See also :

http://www.nessus.org/u?0e1731d9

Solution :

Upgrade to Google Chrome 30.0.1599.66 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false