Google Chrome < 19.0.1084.52 Multiple Vulnerabilities

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 19.0.1084.52 and is, therefore, affected by the following
vulnerabilities :

- An error exists in the v8 JavaScript engine that can
cause application crashes during garbage collection.
(CVE-2011-3103)

- An out-of-bounds read error exists related to 'Skia'.
(CVE-2011-3104)

- Use-after-free errors exist related to
'first-letter handling', browser cache, and invalid
encrypted PDFs. (CVE-2011-3105, CVE-2011-3108,
CVE-2011-3112)

- A memory corruption error exists related to websockets
and SSL. (CVE-2011-3106)

- An error exists related to plugin-in JavaScript
bindings that can cause the application to crash.
(CVE-2011-3107)

- An out-of-bounds write error exists related to PDF
processing. (CVE-2011-3110)

- An invalid read error exists related to the v8
JavaScript engine. (CVE-2011-3111)

- An invalid cast error exists related to colorspace
handling in PDF processing. (CVE-2011-3113)

- A buffer overflow error exists related to PDF
functions. (CVE-2011-3114)

- A type corruption error exists related to the v8
JavaScript engine. (CVE-2011-3115)

See also :

http://www.nessus.org/u?c03d5d79
http://www.nessus.org/u?e39931c9

Solution :

Upgrade to Google Chrome 19.0.1084.52 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false