Google Chrome < 36.0.1985.143 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 36.0.1985.143. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists in the Web Sockets
implementation in Blink which allows remote attackers
to cause a denial of service.

- An information disclosure vulnerability exists due to
the Public Key Pinning (PKP) implementation not
correctly considering the properties of SPDY
connections. This error allows remote attackers to
obtain sensitive information by leveraging the use of
multiple domain names. (CVE-2014-3166)

- Multiple unspecified vulnerabilities allow attackers to
cause a denial of service.

See also :

Solution :

Upgrade to Google Chrome 36.0.1985.143 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 77185 ()

Bugtraq ID: 69201

CVE ID: CVE-2014-3165

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial