Google Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is a
version prior to 33.0.1750.117. It is, therefore, affected by the
following vulnerabilities :

- Use-after-free errors exist related to handling
web components and layout. (CVE-2013-6653,
CVE-2013-6655, CVE-2013-6658)

- A casting error exists related to SVG processing.
(CVE-2013-6654)

- Errors exist related to the XSS auditor that could lead
to disclosure of information. (CVE-2013-6656,
CVE-2013-6657)

- An error exists related to certificate validation and
TLS handshake processing. (CVE-2013-6659)

- An error exists related to drag and drop handling that
could lead to disclosure of information. (CVE-2013-6660)

- Various unspecified errors exist having unspecified
impacts. (CVE-2013-6661)

See also :

http://www.nessus.org/u?43898a73

Solution :

Upgrade to Google Chrome 33.0.1750.117 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 72617 ()

Bugtraq ID: 65699

CVE ID: CVE-2013-6653
CVE-2013-6654
CVE-2013-6655
CVE-2013-6656
CVE-2013-6657
CVE-2013-6658
CVE-2013-6659
CVE-2013-6660
CVE-2013-6661