Google Chrome < 25.0.1364.152 Multiple Vulnerabilities

high Nessus Plugin ID 65029

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.152. It is, therefore, affected by the following vulnerabilities :

- Use-after-free errors exist related to the frame loader, browser navigation handling and SVG animation. (CVE-2013-0902, CVE-2013-0903, CVE-2013-0905)

- Memory corruption errors exist related to 'Web Audio' and 'Indexed DB'. (CVE-2013-0904, CVE-2013-0906)

- A race condition exists related to media thread handling. (CVE-2013-0907)

- An unspecified error exists related to extension process bindings. (CVE-2013-0908)

- The 'XSS Auditor' could leak referrer information.
(CVE-2013-0909)

- An unspecified error exists related to loading strictness and 'Mediate renderer -> browser plug-in'.
(CVE-2013-0910)

- A path traversal error exists related to database handling. (CVE-2013-0911)

Solution

Upgrade to Google Chrome 25.0.1364.152 or later.

See Also

http://www.nessus.org/u?f8ae6261

Plugin Details

Severity: High

ID: 65029

File Name: google_chrome_25_0_1364_152.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 3/5/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-0911

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2013

Vulnerability Publication Date: 3/4/2013

Reference Information

CVE: CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911

BID: 59515, 59516, 59517, 59518, 59519, 59520, 59521, 59522, 59523, 59524