
Google Chrome OS < 33.0.1750.152 Multiple Vulnerabilities

High

Synopsis

The remote mobile host was detected running an outdated version of Chrome OS.

Description

Chrome OS version 33.0.1750.152 (Platform version: 5116.115.4/5116.115.5) was released with fixes for the following security vulnerabilities:

- Memory corruption in V8 via the builtin ArrayBuffer property access, which can lead to remote code execution (CVE-2014-1705)
- Command injection in Crosh via the try_touch_experiment function, which may allow a context-dependent attacker to run arbitrary commands (CVE-2014-1706)
- Path traversal issue in CrosDisk due to insufficient user input sanitization when mounting a source (CVE-2014-1707)
- Issue with file persistence at boot, relating to a flaw in dump_vpd_log (CVE-2014-1708)
- Memory corruption flaw in the AsyncPixelTransfersCompletedQuery::End() function in the GPU command buffer, which a context-dependent attacker can leverage to run arbitrary code (CVE-2014-1710)
- Out-of-bounds write in the GPU driver, which can be leveraged to execute arbitrary code (CVE-2014-1711)
- Use-after-free error in Blink bindings used in the V8 engine, which can be leveraged to execute arbitrary code (CVE-2014-1713)

Solution

Update Chrome OS to version 33.0.1750.152 or later.