Google Chrome < 36.0.1985.143 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 36.0.1985.143. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists in the Web Sockets
implementation in Blink which allows remote attackers
to cause a denial of service.
(CVE-2014-3165)

- An information disclosure vulnerability exists due to
the Public Key Pinning (PKP) implementation not
correctly considering the properties of SPDY
connections. This error allows remote attackers to
obtain sensitive information by leveraging the use of
multiple domain names. (CVE-2014-3166)

- Multiple unspecified vulnerabilities allow attackers to
cause a denial of service.
(CVE-2014-3167)

See also :

http://www.nessus.org/u?53a4c8be

Solution :

Upgrade to Google Chrome 36.0.1985.143 or later.

Risk factor :

High / CVSS Base Score : 9.7
(CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 77185 ()

Bugtraq ID: 69201
69202
69203

CVE ID: CVE-2014-3165
CVE-2014-3166
CVE-2014-3167